Skip to content

Instantly share code, notes, and snippets.

@princenaman

princenaman/README.md

Forked from jonathantneal/README.md
Created May 24, 2018 07:26
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save princenaman/dd3ad739e111495744ffc605d63f3469 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save princenaman/dd3ad739e111495744ffc605d63f3469 to your computer and use it in GitHub Desktop.
Download ZIP
Local SSL websites on macOS
Raw
README.md

Local SSL websites on Mac OSX

These instructions will guide you through the process of setting up local, trusted websites on your own computer.

These instructions are intended to be used on Mac OSX Yosemite.

Configuring Apache

Within Terminal, start Apache.

sudo apachectl start

In a web browser, visit http://localhost. You should see a message stating that It works!.

Configuring Apache: Setting up a Virtual Host

Within Terminal, edit the Apache Configuration.

edit /etc/apache2/httpd.conf

Within your editor, uncomment line 160 and line 499 to enable Virtual Hosts.

LoadModule vhost_alias_module libexec/apache2/mod_vhost_alias.so

Include /private/etc/apache2/extra/httpd-vhosts.conf

Optionally, uncomment line 169 to enable PHP.

LoadModule php5_module libexec/apache2/libphp5.so

Within Terminal, edit the Virtual Hosts.

edit /etc/apache2/extra/httpd-vhosts.conf

Within your editor, add a Virtual Host on line 44, replacing indieweb with your user name.

<VirtualHost *:80>
    ServerName localhost
    DocumentRoot "/Users/indieweb/Sites/localhost"

    <Directory "/Users/indieweb/Sites/localhost">
        Options Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

Within Terminal, restart Apache.

sudo apachectl restart

Configuring Apache: Creating a Site

Within Terminal, Create a Sites directory, which will be the parent directory of many individual Site subdirectories.

mkdir ~/Sites

Next, create a localhost subdirectory within Sites, which will be our first site.

mkdir ~/Sites/localhost

Finally, create an HTML document within localhost.

echo "<h1>localhost works!</h1>" > ~/Sites/localhost/index.html

Now, in a web browser, visit http://localhost. You should see a message stating that localhost works!.

Configuring SSL

Within Terminal, create a SSL directory.

sudo mkdir /etc/apache2/ssl

Next, generate two Host keys, decrypting the later.

sudo openssl genrsa -out /etc/apache2/server.key 2048
sudo openssl genrsa -out /etc/apache2/ssl/localhost.key 2048
sudo openssl rsa -in /etc/apache2/ssl/localhost.key -out /etc/apache2/ssl/localhost.key.rsa

Next, create and edit an OpenSSL Configuration.

sudo touch /etc/apache2/localhost.conf
edit /etc/apache2/localhost.conf

Within your editor, add the following configuration.

[req]
default_bits = 1024
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]

[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost
DNS.2 = *.localhost

Within Terminal, generate Certificate Requests using the OpenSSL Configuration, optionally replacing the defaults as you see fit.

sudo openssl req -new -key /etc/apache2/server.key -subj "/C=/ST=/L=/O=/CN=/emailAddress=/" -out /etc/apache2/server.csr
sudo openssl req -new -key /etc/apache2/ssl/localhost.key.rsa -subj "/C=US/ST=California/L=Orange/O=IndieWebCamp/CN=localhost/" -out /etc/apache2/ssl/localhost.csr -config /etc/apache2/ssl/localhost.cnf

Next, use the Certificate Requests to sign the SSL Certificates with extensions.

sudo openssl x509 -req -days 365 -in /etc/apache2/server.csr -signkey /etc/apache2/server.key -out /etc/apache2/server.crt
sudo openssl x509 -req -extensions v3_req -days 365 -in /etc/apache2/ssl/localhost.csr -signkey /etc/apache2/ssl/localhost.key.rsa -out /etc/apache2/ssl/localhost.crt -extfile /etc/apache2/ssl/localhost.cnf

Finally, add the later SSL Certificate to Keychain Access.

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /etc/apache2/ssl/localhost.crt

Configuring SSL: Setting up a Trusted Virtual Host

Within Terminal, edit the Apache Configuration.

edit /etc/apache2/httpd.conf

Within your editor, uncomment line 490 to enable Trusted Virtual Hosts.

Include /private/etc/apache2/extra/httpd-ssl.conf

Within Terminal, edit the Apache SSL Configuration file.

edit /etc/apache2/extra/httpd-ssl.conf

Within your editor, uncomment line 120 and 128.

SSLCertificateFile "/private/etc/apache2/server.crt"

SSLCertificateKeyFile "/private/etc/apache2/server.key"

Within Terminal, edit the Virtual Hosts file.

edit /etc/apache2/extra/httpd-vhosts.conf

Within your editor, add a 443 VirtualHost Name and localhost Directive on line 56, replacing indieweb with your user name.

NameVirtualHost *:443

<VirtualHost *:443>
    ServerName localhost
    DocumentRoot "/Users/indieweb/Sites/localhost"

    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /private/etc/apache2/ssl/localhost.crt
    SSLCertificateKeyFile /private/etc/apache2/ssl/localhost.key

    <Directory "/Users/indieweb/Sites/localhost">
        Options Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

Within Terminal, restart Apache.

sudo apachectl restart

Now, in a web browser, visit https://localhost. The domain should appear trusted, and you should see a message stating that localhost works!.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment