Category: SSL

Posted on by Leave a comment

MAMP and SSL

Settings up a local web host/server on a iMAc is not that hard nowadays, Apple even ships with a built in server, if you want. Those of you that installed MAMP but opted out of MAMP Pro, may find them self in need of a SSL setup for local development. Or just because we can. Now MAMP is not supposed to be able to that. But we have a small/intermediate tutorial for you that just does that. Keep in mind this will be a self signed certificate. So lets get in on, but first things first:

Make a backup of your files!

So now that you have done creating a backup of your files here are the steps involved:

1. Navigate to your home folder

We will need a folder to hold those SSL files we will be generating our self


cd ~

2. Check if you have a ssl folder, if not then create one with


mkdir ssl

3. Then first create a v3.ext file


authorityKeyIdentifier = keyid, issuer
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost

4. Next we create a server.csr.cnf file


[req]
default_bits= 2048
prompt= no
default_md= sha256
distinguished_name = dn
[dn]
C = NL
ST = UT
L = Utrecht
O = End Point
OU = Testing Domain
emailAddress = yourname@yourdomain.com
CN = localhost

5. Now we need to issue a few commands on the commandline


#From the commandline navigate to ~/ssl folder and execute these commands 
#Make sure you create your server.csr.cnf and your v3.ext files first inside the same folder 

#generate a private key 

#This will ask you for a passphrase(password) do NOT lose this file or the password 
openssl genrsa -des3 -out ~/ssl/rootCA.key 2048 

#root certificate 
openssl req -x509 -new -nodes -key ~/ssl/rootCA.key -sha256 -days 1024 -out ~/ssl/rootCA.pem 

#private key for the certificate (server.key) 
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <(cat server.csr.cnf)

#server.crt 
openssl x509 -req -in server.csr -CA ~/ssl/rootCA.pem -CAkey ~/ssl/rootCA.key -CA createserial -out server.crt -days 500 -sha256 -extfile v3.ext 

#check what we have done so far 
openssl x509 -text -in server.crt -nooutt

6. Then we start editing out httpd.conf files


#BACKUP YOUR FILES FIRST

#EDITS FOR httpd.conf

#1. Uncomment these lines
LoadModule ssl_module modules/mod_ssl.so
Include /Applications/MAMP/conf/extra/httpd-ssl.conf

#2. Change ServerName value
ServerName localhost:443

#EDITS FOR httpd-ssl.conf

#3. Uncomment
Listen 443

#4. Edit VirtualHost opening tag
&amp;amp;amp;amp;amp;lt;VirtualHost *:443&amp;amp;amp;amp;amp;gt;

#5. Inside VirtualHost edit these lines
DocumentRoot "/Applications/MAMP/htdocs"
ServerName localhost:443
SSLEngine on

#6. Add/Uncomment/Edit the two certificate lines
SSLCertificateFile "/Users/YOURUSERNAME/ssl/server.crt"
SSLCertificateKeyFile "/Users/YOURUSERNAME/ssl/server.key"

7. Now we are going to add our public key to the keychain

Drag your .pem file to the window and make sure to set it to always trust

8. Now shutdown MAMP and try to restart.

Most likely this will not work right away.

Notes

After some fiddling I came up with the next few things

make sure the DocumentRoot in httpd-ssl.conf is correct

it should read:

DocumentRoot “/Applications/MAMP/htdocs”

in some MAMP configurations the path is wrong and reads:

DocumentRoot “/Applications/MAMP/Library/htdocs”

 

First time starting with MAMP might fail:

Try starting it with


sudo /Applications/MAMP/Library/bin/apachectl start

After these settings and changes i was able to access my sites on localhost with


https://localhost/