Apache SSL on Mac OSX Lion 10.7
I have recently upgraded to OSX Lion from Snow Leopard. Whilst setting up my development environment I needed to configure the built-in Apache server to support SSL. Below are instructions on what needed to be done. Please note that they are based on a clean install of OSX 10.7.2; if you did an upgrade or are running a different version of Lion, the instructions may need to be tweaked to suit your setup.
Generate a host key
First off we'll make a home for the new SSL files. I used /private/etc/apache2/ssl. We need to change to the new directory and then run an ssh-keygen command to create the server key file. Open up a terminal window and enter the commands below.

    sudo mkdir /private/etc/apache2/ssl
    cd /private/etc/apache2/ssl
    sudo ssh-keygen -f server.key
Generate a certificate request file
This command creates a certificate request file. A certificate request file contains information about your organisation that will be used in the SSL certificate. You will be asked various questions; fill these in as appropriate or leave them blank. Please note that you shouldn't set a pass phrase on the certificate: just leave this blank when it asks for a pass phrase.

    sudo openssl req -new -key server.key -out request.csr
Create the SSL certificate
Create a self-signed SSL certificate using the request file.

    sudo openssl x509 -req -days 365 -in request.csr -signkey server.key -out server.crt
Configure Apache
Create a backup of /private/etc/apache2/httpd.conf.
In /private/etc/apache2/httpd.conf, make sure the SSL module is enabled (remove the # from the start of the line).

    LoadModule ssl_module libexec/apache2/mod_ssl.so
In the same file, search for the line below and uncomment it (remove the #).

    Include /private/etc/apache2/extra/httpd-ssl.conf
Edit /private/etc/apache2/extra/httpd-ssl.conf, search for the lines that start with SSLCertificateFile and SSLCertificateKeyFile, and update them to match the below:

    SSLCertificateFile "/private/etc/apache2/ssl/server.crt"
    SSLCertificateKeyFile "/private/etc/apache2/ssl/server.key"
In the same file, comment out (add a # to the beginning of the line) the lines that start with SSLCACertificatePath and SSLCARevocationPath.
Configure the vhosts
In /private/etc/apache2/httpd.conf, search for the line below and uncomment it (remove the #).

    Include /private/etc/apache2/extra/httpd-vhosts.conf
Now open /private/etc/apache2/extra/httpd-vhosts.conf and add the line below under the port 80 NameVirtualHost directive.

    NameVirtualHost *:443
Now you can configure a basic SSL vhost by adding the code below to the end of the file. Please note that you should replace the DocumentRoot with a real path.

    <VirtualHost *:443>
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /private/etc/apache2/ssl/server.crt
        SSLCertificateKeyFile /private/etc/apache2/ssl/server.key
        ServerName localhost
        DocumentRoot "/some/website/directory/"
    </VirtualHost>
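The cipher string in the vhost above starts from ALL and removes only anonymous DH and 56-bit export suites, so LOW, 40-bit export and SSLv2 suites stay in the list wherever the local OpenSSL build still provides them (the + operator only moves suites to the end, it does not remove them). The block below is an added example, not the original post's configuration: the same vhost with a restricted protocol and cipher list. The SSLProtocol, SSLHonorCipherOrder and replacement SSLCipherSuite lines are additions; the paths and ServerName are the ones used in this post.

```apache
# Added example (not from the original post): the same vhost with a
# restricted protocol and cipher list.
<VirtualHost *:443>
    SSLEngine on

    # Weak setting from the post, kept here for comparison only:
    # SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    # Disable the SSLv2 and SSLv3 protocols; the TLS versions the local
    # OpenSSL build supports stay enabled.
    SSLProtocol all -SSLv2 -SSLv3

    # Only HIGH-strength suites; drop unauthenticated (aNULL), unencrypted
    # (eNULL), export-grade, single-DES (LOW), RC4 and MD5-based suites.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!RC4:!MD5

    # Pick the suite by the server's preference order, not the client's.
    SSLHonorCipherOrder on

    SSLCertificateFile /private/etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /private/etc/apache2/ssl/server.key
    ServerName localhost
    DocumentRoot "/some/website/directory/"
</VirtualHost>
```

Running `openssl ciphers -v 'HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!RC4:!MD5'` prints the suites this string selects on the local OpenSSL build.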
Check the config and restart Apache

    sudo apachectl configtest
    sudo apachectl restart
Now you can open your browser and try out your new HTTPS site.
