Apache SSL on Mac OSX
Recently I needed to configure a virtual host with SSL. After struggling a bit, here is a step-by-step guide on how to do it.
I tested these steps on Mac OSX 10.9, also known as Mavericks, but this should work fine in other OSes running Apache. Of course this set of instructions may or may not need some adjustments to suit your environment.
1. Generate the host key
We need to generate a key for the server. Remember: do NOT enter a passphrase for this key; when prompted, just leave it blank (with an encrypted key, Apache would ask for the passphrase every time it starts).
sudo mkdir /private/etc/apache2/ssl
cd /private/etc/apache2/ssl
sudo ssh-keygen -f server.key
2. Create the certificate request file
This file should have some info about your org that will be used in the SSL certificate. You will be asked some questions, just answer them freely.
sudo openssl req -new -key server.key -out request.csr
3. SSL Certificate
Now it's time to create the self-signed certificate. You do this by executing:
sudo openssl x509 -req -days 365 -in request.csr -signkey server.key -out server.crt
4. Apache Time!
We now have the certificate and it's time to configure Apache.
First of all make a backup of your configuration file /private/etc/apache2/httpd.conf, just in case this goes south.
Enable SSL Module
Open /private/etc/apache2/httpd.conf and verify that the SSL module is enabled (this means that the line loading the module should be uncommented), e.g.
LoadModule ssl_module libexec/apache2/mod_ssl.so
#This is a comment so if the line above has the # just remove it
Include SSL conf file
In the same file, make sure this line is also uncommented.
Include your previously created SSL files in the config
Now go to /private/etc/apache2/extra/httpd-ssl.conf and change these two lines:
SSLCertificateFile "/private/etc/apache2/ssl/server.crt"
SSLCertificateKeyFile "/private/etc/apache2/ssl/server.key"
Comment unnecessary lines
Same file as above. Comment (add a # at the beginning of the line) the lines that start with:
5. Configure the virtual host
You are almost ready, just need to configure a vhost that uses your newly configured SSL.
So make sure your vhosts config file is included in
This line should be uncommented:
Then go to /private/etc/apache2/extra/httpd-vhosts.conf and add NameVirtualHost *:443 below the line that says
Now you can configure an SSL vhost like this:
<VirtualHost *:443>
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /private/etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /private/etc/apache2/ssl/server.key
    ServerName somename
    DocumentRoot "/path/to/some/directory/"
</VirtualHost>
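The cipher string above starts from ALL and removes only anonymous-DH and 56-bit export suites, so 40-bit export, single-DES, RC4 and (where the build still has them) SSLv2 suites stay negotiable. A tightened version of the same vhost, as an added example that is not part of the original post, assuming an Apache build linked against an OpenSSL with TLS 1.2 support:

```apache
# Added example, not the original author's configuration.
# Assumption: Apache linked against an OpenSSL that supports TLS 1.2.
# Older builds that do not know the TLSv1.1 protocol name will reject
# the SSLProtocol line below at configtest time.
<VirtualHost *:443>
    ServerName somename
    DocumentRoot "/path/to/some/directory/"

    SSLEngine on
    SSLCertificateFile /private/etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /private/etc/apache2/ssl/server.key

    # The original vhost sets no SSLProtocol, so every protocol version
    # the build supports is offered. Keep only TLS 1.2 and newer.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Original value:
    #   ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    # Start from HIGH instead of ALL, then exclude unauthenticated (aNULL),
    # unencrypted (eNULL), export-grade, DES, 3DES, RC4 and MD5 suites.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!RC4:!MD5

    # Prefer the server's cipher ordering over the client's.
    SSLHonorCipherOrder on
</VirtualHost>
```

Run sudo apachectl configtest after the change; an unsupported protocol or cipher keyword is reported there before the restart.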
6. Restart Apache
Finally you have to restart Apache and you are all done.
sudo apachectl restart
Note: You can check the Apache configuration before restarting it by executing:
sudo apachectl configtest
You can now go to https://somename and enjoy your site.