Revisions
princenaman revised this gist
May 24, 2018 . No changes.
jonathantneal revised this gist
Jul 5, 2017 . 1 changed file with 3 additions and 3 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -154,10 +154,10 @@ Within the editor, add a **443** VirtualHost Name and **localhost** <VirtualHost Back in **Terminal**, edit the SSL configuration. ```sh edit /etc/apache2/extra/httpd-ssl.conf ``` Next, comment line 144 and 154 to skip the default Server Certificate and Server Private Key. ```conf #SSLCertificateFile "/private/etc/apache2/server.crt" ``` @@ -178,4 +178,4 @@ Back in **Terminal**, restart Apache. sudo apachectl restart ``` Now, in a **web browser**, visit [https://localhost](https://localhost). The domain should appear trusted, and you should see a message stating that **localhost works!**. -
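Review bot: In the first hunk, "comment line 144 and 154" identifies the directives only by their line numbers in `httpd-ssl.conf`, and those numbers have already moved once (the previous revision of this step said 44 and 54). Name the directives instead, for example "comment out the default `SSLCertificateFile` and `SSLCertificateKeyFile` lines that point at `/private/etc/apache2/server.crt` and `server.key`", so the step still works when the file's layout differs.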
jonathantneal revised this gist
Sep 19, 2016 . 1 changed file with 2 additions and 2 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,8 +1,8 @@ # Local SSL websites on macOS Sierra These instructions will guide you through the process of setting up local, trusted websites on your own computer. These instructions are intended to be used on macOS Sierra, but they have been known to work in El Capitan, Yosemite, Mavericks, and Mountain Lion. **NOTE:** You may substitute the `edit` command for `nano`, `vim`, or whatever the editor of your choice is. Personally, I forward the `edit` command to [Sublime Text](http://www.sublimetext.com): -
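Review bot: The NOTE in this hunk says "substitute the `edit` command for `nano`, `vim`", which reads as replacing nano with edit; the intent is the reverse, so word it as "substitute `nano`, `vim`, or the editor of your choice for the `edit` command". The added compatibility sentence also lists El Capitan back to Mountain Lion while the guide addresses `httpd.conf` by fixed line numbers, so state that the line numbers apply to Sierra.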
jonathantneal revised this gist
Sep 19, 2016 . 1 changed file with 37 additions and 63 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -2,9 +2,9 @@ These instructions will guide you through the process of setting up local, trusted websites on your own computer. These instructions are intended to be used on macOS Sierra. **NOTE:** You may substitute the `edit` command for `nano`, `vim`, or whatever the editor of your choice is. Personally, I forward the `edit` command to [Sublime Text](http://www.sublimetext.com): ```sh alias edit="/Applications/Sublime\ Text.app/Contents/SharedSupport/bin/subl" @@ -28,7 +28,7 @@ Within **Terminal**, edit the Apache Configuration. edit /etc/apache2/httpd.conf ``` Within the editor, replace line 212 to supress messages about the server’s fully qualified domain name. ```conf ServerName localhost ``` @@ -37,7 +37,6 @@ Next, uncomment line 160 and line 499 to enable Virtual Hosts. ```conf LoadModule vhost_alias_module libexec/apache2/mod_vhost_alias.so ``` ```conf Include /private/etc/apache2/extra/httpd-vhosts.conf ``` @@ -47,12 +46,12 @@ Optionally, uncomment line 169 to enable PHP. LoadModule php5_module libexec/apache2/libphp5.so ``` Within **Terminal**, edit the Virtual Hosts configuration. ```sh edit /etc/apache2/extra/httpd-vhosts.conf ``` Within the editor, replace the entire contents of this file with the following, replacing *indieweb* with your user name. ```conf <VirtualHost *:80> ServerName localhost 
@@ -75,17 +74,12 @@ sudo apachectl restart ### Configuring Apache: Creating a Site Within **Terminal**, create a **Sites** parent directory and a **localhost** subdirectory, which will be our first site. ```sh mkdir -p ~/Sites/localhost ``` Next, create a test HTML document within **localhost**. ```sh echo "<h1>localhost works</h1>" > ~/Sites/localhost/index.html ``` @@ -96,58 +90,18 @@ Now, in a **web browser**, visit [http://localhost](http://localhost). You shoul ## Configuring SSL Within **Terminal**, create an SSL directory. ```sh sudo mkdir /etc/apache2/ssl ``` Next, generate a private key and certificate for your site. ```sh sudo openssl genrsa -out /etc/apache2/ssl/localhost.key 2048 sudo openssl req -new -x509 -key /etc/apache2/ssl/localhost.key -out /etc/apache2/ssl/localhost.crt -days 3650 -subj /CN=localhost ``` Finally, add the certificate to Keychain Access. ```sh sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /etc/apache2/ssl/localhost.crt ``` @@ -159,11 +113,10 @@ Within **Terminal**, edit the Apache Configuration. edit /etc/apache2/httpd.conf ``` Within the editor, uncomment lines 89 and 143 to enable modules required by HTTPS. ```conf LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so ``` ```conf LoadModule ssl_module libexec/apache2/mod_ssl.so ``` @@ -173,12 +126,12 @@ Next, uncomment line 516 to enable Trusted Virtual Hosts. Include /private/etc/apache2/extra/httpd-ssl.conf ``` Back in **Terminal**, edit the Virtual Hosts configuration. ```sh edit /etc/apache2/extra/httpd-vhosts.conf ``` Within the editor, add a **443** VirtualHost Name and **localhost** <VirtualHost> Directive at the end of the file, replacing *indieweb* with your user name. ```conf <VirtualHost *:443> ServerName localhost 
@@ -199,7 +152,28 @@ Within your editor, add a **443** VirtualHost Name and **localhost** <VirtualHos </VirtualHost> ``` Back in **Terminal**, edit the SSL configuration. ```sh edit /etc/apache2/extra/httpd-vhosts.conf ``` Next, comment line 44 and 54 to skip the default Server Certificate and Server Private Key. ```conf #SSLCertificateFile "/private/etc/apache2/server.crt" ``` ```conf #SSLCertificateKeyFile "/private/etc/apache2/server.key" ``` Next, beneath the commented certificates or keys, add references to your certificate and key. ```conf SSLCertificateFile "/etc/apache2/ssl/localhost.crt" ``` ```conf SSLCertificateKeyFile "/etc/apache2/ssl/localhost.key" ``` Back in **Terminal**, restart Apache. ```sh sudo apachectl restart ``` -
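Review bot: The new certificate command in the "Configuring SSL" hunk, `openssl req -new -x509 -key ... -days 3650 -subj /CN=localhost`, has no `-config` or `-extensions`, so the `subjectAltName` entries the earlier revisions carried (`DNS.1 = localhost`, `DNS.2 = *.localhost`) are gone and the host name lives only in the CN; clients that match on subjectAltName will not accept it. Also dropped is `basicConstraints = CA:FALSE`, which matters because the next step installs this certificate with `-r trustRoot` in the System keychain and its validity is now ten years. Keep a short config with both settings and pass it to `openssl req`.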
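Review bot: In the last hunk, the step "edit the SSL configuration" runs `edit /etc/apache2/extra/httpd-vhosts.conf`, but the default `SSLCertificateFile "/private/etc/apache2/server.crt"` and `SSLCertificateKeyFile "/private/etc/apache2/server.key"` lines it tells the reader to comment out belong to `/etc/apache2/extra/httpd-ssl.conf`, the file this same patch includes from `httpd.conf`. Change the command to open `httpd-ssl.conf`, and refer to the two directives by name rather than as "line 44 and 54".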
jonathantneal revised this gist
Nov 3, 2014 . 1 changed file with 6 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -4,6 +4,12 @@ These instructions will guide you through the process of setting up local, trust These instructions are intended to be used on Mac OSX Yosemite. **NOTE:** You may substitute the `edit` command for `nano`, `vim`, or whatever the editor of your choice is. Personally, I forward `edit` to [Sublime Text](http://www.sublimetext.com): ```sh alias edit="/Applications/Sublime\ Text.app/Contents/SharedSupport/bin/subl" ``` --- ## Configuring Apache -
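Review bot: The added NOTE offers `nano` or `vim` as drop-in replacements for `edit`, but the files this guide edits sit under `/etc/apache2`, where the guide itself needs `sudo` to create anything (`sudo touch`, `sudo mkdir`). Say that a terminal editor has to be started with `sudo`, otherwise a reader who follows the substitution literally cannot save the changes.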
jonathantneal revised this gist
Nov 3, 2014 . 1 changed file with 22 additions and 22 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -22,9 +22,14 @@ Within **Terminal**, edit the Apache Configuration. edit /etc/apache2/httpd.conf ``` Within your editor, replace line 212 to supress messages about the server’s fully qualified domain name. ```conf ServerName localhost ``` Next, uncomment line 160 and line 499 to enable Virtual Hosts. ```conf LoadModule vhost_alias_module libexec/apache2/mod_vhost_alias.so ``` ```conf @@ -79,7 +84,7 @@ Finally, create an HTML document within **localhost**. echo "<h1>localhost works</h1>" > ~/Sites/localhost/index.html ``` Now, in a **web browser**, visit [http://localhost](http://localhost). You should see a message stating that **localhost works**. --- @@ -101,8 +106,8 @@ sudo openssl rsa -in /etc/apache2/ssl/localhost.key -out /etc/apache2/ssl/localh Next, create and edit an OpenSSL Configuration. ```sh sudo touch /etc/apache2/ssl/localhost.conf edit /etc/apache2/ssl/localhost.conf ``` Within your editor, add the following configuration. 
@@ -127,13 +132,13 @@ DNS.2 = *.localhost Within **Terminal**, generate Certificate Requests using the OpenSSL Configuration, optionally replacing the defaults as you see fit. ```sh sudo openssl req -new -key /etc/apache2/server.key -subj "/C=/ST=/L=/O=/CN=/emailAddress=/" -out /etc/apache2/server.csr sudo openssl req -new -key /etc/apache2/ssl/localhost.key.rsa -subj "/C=US/ST=California/L=Orange/O=IndieWebCamp/CN=localhost/" -out /etc/apache2/ssl/localhost.csr -config /etc/apache2/ssl/localhost.conf ``` Next, use the Certificate Requests to sign the SSL Certificates with extensions. ```sh sudo openssl x509 -req -days 365 -in /etc/apache2/server.csr -signkey /etc/apache2/server.key -out /etc/apache2/server.crt sudo openssl x509 -req -extensions v3_req -days 365 -in /etc/apache2/ssl/localhost.csr -signkey /etc/apache2/ssl/localhost.key.rsa -out /etc/apache2/ssl/localhost.crt -extfile /etc/apache2/ssl/localhost.conf ``` Finally, add the later SSL Certificate to Keychain Access. 
@@ -148,47 +153,42 @@ Within **Terminal**, edit the Apache Configuration. edit /etc/apache2/httpd.conf ``` Within your editor, uncomment lines 89 and 143 to enable modules required by HTTPS. ```conf LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so ``` ```conf LoadModule ssl_module libexec/apache2/mod_ssl.so ``` Next, uncomment line 516 to enable Trusted Virtual Hosts. ```conf Include /private/etc/apache2/extra/httpd-ssl.conf ``` Within **Terminal**, edit the Virtual Hosts file. ```sh edit /etc/apache2/extra/httpd-vhosts.conf ``` Within your editor, add a **443** VirtualHost Name and **localhost** <VirtualHost> Directive at the end of the file, replacing *indieweb* with your user name. ```conf <VirtualHost *:443> ServerName localhost DocumentRoot "/Users/indieweb/Sites/localhost" SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/apache2/ssl/localhost.crt SSLCertificateKeyFile /etc/apache2/ssl/localhost.key <Directory "/Users/indieweb/Sites/localhost"> Options Indexes FollowSymLinks AllowOverride All Order allow,deny Allow from all Require all granted </Directory> </VirtualHost> ``` -
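Review bot: In the `<VirtualHost *:443>` block of the last hunk, `SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL` starts from `ALL`, and the `+LOW`, `+SSLv2` and `+EXP` terms only move those suites to the end of the list rather than removing them, so low-strength and export suites stay in the list along with RC4. Replace it with a restrictive string such as `HIGH:!aNULL:!MD5`, or delete the line from the virtual host. Smaller point in the first hunk: "supress" should be "suppress".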
jonathantneal revised this gist
Nov 3, 2014 . 1 changed file with 4 additions and 3 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -24,7 +24,7 @@ edit /etc/apache2/httpd.conf Within your editor, uncomment line 160 and line 499 to enable Virtual Hosts. ```conf LoadModule vhost_alias_module libexec/apache2/mod_vhost_alias.so ``` ```conf @@ -41,7 +41,7 @@ Within **Terminal**, edit the Virtual Hosts. edit /etc/apache2/extra/httpd-vhosts.conf ``` Within your editor, replace the entire contents of this file with the following, replacing *indieweb* with your user name. ```conf <VirtualHost *:80> ServerName localhost @@ -52,6 +52,7 @@ Within your editor, add a Virtual Host on line 44, replacing *indieweb* with you AllowOverride All Order allow,deny Allow from all Require all granted </Directory> </VirtualHost> ``` @@ -75,7 +76,7 @@ mkdir ~/Sites/localhost Finally, create an HTML document within **localhost**. ```sh echo "<h1>localhost works</h1>" > ~/Sites/localhost/index.html ``` Now, in a **web browser**, visit [http://localhost](http://localhost). You should see a message stating that **localhost works!**. -
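Review bot: In the `<Directory>` hunk (@@ -52,6 +52,7 @@), `Require all granted` is added beneath `Order allow,deny` and `Allow from all`, leaving the Apache 2.2 and 2.4 access-control syntaxes side by side. On 2.4 the two older directives are handled by mod_access_compat, and mixing them with `Require` is discouraged; keep `Require all granted` and delete the other two lines.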
jonathantneal revised this gist
Oct 4, 2014 . 1 changed file with 1 addition and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -2,7 +2,7 @@ These instructions will guide you through the process of setting up local, trusted websites on your own computer. These instructions are intended to be used on Mac OSX Yosemite. --- -
jonathantneal revised this gist
Oct 4, 2014 . 1 changed file with 10 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -22,11 +22,20 @@ Within **Terminal**, edit the Apache Configuration. edit /etc/apache2/httpd.conf ``` Within your editor, uncomment line 160 and line 499 to enable Virtual Hosts. ```conf LoadModule vhost_alias_module libexec/apache2/mod_vhost_alias.so ``` ```conf Include /private/etc/apache2/extra/httpd-vhosts.conf ``` Optionally, uncomment line 169 to enable PHP. ```conf LoadModule php5_module libexec/apache2/libphp5.so ``` Within **Terminal**, edit the Virtual Hosts. ```sh edit /etc/apache2/extra/httpd-vhosts.conf -
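Review bot: The instruction to uncomment line 160, `LoadModule vhost_alias_module libexec/apache2/mod_vhost_alias.so`, is not needed for what follows: the hosts in `httpd-vhosts.conf` are plain `<VirtualHost>` blocks with `ServerName` and `DocumentRoot`, which work without mod_vhost_alias (that module provides dynamically configured mass virtual hosting). Uncommenting `Include /private/etc/apache2/extra/httpd-vhosts.conf` is enough, so drop the module step or explain why it is wanted.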
jonathantneal revised this gist
Jul 10, 2014 . 1 changed file with 2 additions and 3 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -95,10 +95,9 @@ sudo touch /etc/apache2/localhost.conf edit /etc/apache2/localhost.conf ``` Within your editor, add the following configuration. ```conf [req] default_bits = 1024 distinguished_name = req_distinguished_name req_extensions = v3_req @@ -115,7 +114,7 @@ DNS.1 = localhost DNS.2 = *.localhost ``` Within **Terminal**, generate Certificate Requests using the OpenSSL Configuration, optionally replacing the defaults as you see fit. ```sh sudo openssl req -new -key /etc/apache2/server.key -subj "/C=/ST=/L=/O=/CN=/emailAddress=/" -out /etc/apache2/server.csr sudo openssl req -new -key /etc/apache2/ssl/localhost.key.rsa -subj "/C=US/ST=California/L=Orange/O=IndieWebCamp/CN=localhost/" -out /etc/apache2/ssl/localhost.csr -config /etc/apache2/ssl/localhost.cnf -
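Review bot: The `default_bits = 1024` line stays in `[req]` after this edit. Both `openssl req` calls in the second hunk pass an existing key with `-key`, so the value is unused there, and it would yield a 1024-bit key if this file were ever used to generate one; remove it or set it to 2048 to match the `openssl genrsa ... 2048` step.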
jonathantneal revised this gist
Jul 10, 2014 . 1 changed file with 5 additions and 18 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -98,25 +98,12 @@ edit /etc/apache2/localhost.conf Within your editor, add the following configuration, optionally replacing the defaults as you see fit. ```conf [req] [req] default_bits = 1024 distinguished_name = req_distinguished_name req_extensions = v3_req [req_distinguished_name] [v3_req] basicConstraints = CA:FALSE @@ -128,10 +115,10 @@ DNS.1 = localhost DNS.2 = *.localhost ``` Within **Terminal**, generate Certificate Requests using the OpenSSL Configuration. ```sh sudo openssl req -new -key /etc/apache2/server.key -subj "/C=/ST=/L=/O=/CN=/emailAddress=/" -out /etc/apache2/server.csr sudo openssl req -new -key /etc/apache2/ssl/localhost.key.rsa -subj "/C=US/ST=California/L=Orange/O=IndieWebCamp/CN=localhost/" -out /etc/apache2/ssl/localhost.csr -config /etc/apache2/ssl/localhost.cnf ``` Next, use the Certificate Requests to sign the SSL Certificates with extensions. @@ -142,7 +129,7 @@ sudo openssl x509 -req -extensions v3_req -days 365 -in /etc/apache2/ssl/localho Finally, add the later SSL Certificate to Keychain Access. ```sh sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /etc/apache2/ssl/localhost.crt ``` ### Configuring SSL: Setting up a Trusted Virtual Host -
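Review bot: In the second hunk, the first request is built with `-subj "/C=/ST=/L=/O=/CN=/emailAddress=/"`, where every field including `CN` is empty, so `server.csr` names no host at all. Give it at least `/CN=localhost`, as the second command does. The first hunk also shows `[req] [req]`; check that the section header is not duplicated in the file.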
jonathantneal revised this gist
Jul 10, 2014 . 1 changed file with 34 additions and 19 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -75,11 +75,20 @@ Now, in a **web browser**, visit [http://localhost](http://localhost). You shoul ## Configuring SSL Within **Terminal**, create a SSL directory. ```sh sudo mkdir /etc/apache2/ssl ``` Next, generate two Host keys, decrypting the later. ```sh sudo openssl genrsa -out /etc/apache2/server.key 2048 sudo openssl genrsa -out /etc/apache2/ssl/localhost.key 2048 sudo openssl rsa -in /etc/apache2/ssl/localhost.key -out /etc/apache2/ssl/localhost.key.rsa ``` Next, create and edit an OpenSSL Configuration. ```sh sudo touch /etc/apache2/localhost.conf @@ -88,12 +97,12 @@ edit /etc/apache2/localhost.conf Within your editor, add the following configuration, optionally replacing the defaults as you see fit. ```conf [req] default_bits = 1024 distinguished_name = req_distinguished_name req_extensions = v3_req [req_distinguished_name] countryName = Country Name (2 letter code) countryName_default = US stateOrProvinceName = State or Province Name (full name) 
@@ -104,29 +113,34 @@ organizationName = Organization Name (eg, company) organizationName_default = IndieWebCamp commonName = Common Name (eg, YOUR name) commonName_max = 64 commonName_default = localhost emailAddress = Email Address emailAddress_max = 40 emailAddress_default = me@localhost [v3_req] basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment subjectAltName = @alt_names [alt_names] DNS.1 = localhost DNS.2 = *.localhost ``` Within **Terminal**, generate Certificate Requests using the OpenSSL Configuration. You will be prompted to enter various fields, all of which you may skip. ```sh sudo openssl req -new -key /etc/apache2/server.key -out /etc/apache2/server.csr sudo openssl req -new -key /etc/apache2/ssl/localhost.key.rsa -out /etc/apache2/ssl/localhost.csr -config /etc/apache2/ssl/localhost.cnf ``` Next, use the Certificate Requests to sign the SSL Certificates with extensions. ```sh sudo openssl x509 -req -days 365 -in /etc/apache2/server.csr -signkey /etc/apache2/server.key -out /etc/apache2/server.crt sudo openssl x509 -req -extensions v3_req -days 365 -in /etc/apache2/ssl/localhost.csr -signkey /etc/apache2/ssl/localhost.key.rsa -out /etc/apache2/ssl/localhost.crt -extfile /etc/apache2/ssl/localhost.cnf ``` Finally, add the later SSL Certificate to Keychain Access. ```sh sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /etc/apache2/localhost.crt ``` @@ -148,11 +162,12 @@ Within **Terminal**, edit the Apache SSL Configuration file. edit /etc/apache2/extra/httpd-ssl.conf ``` Within your editor, uncomment line 120 and 128. ```conf SSLCertificateFile "/private/etc/apache2/server.crt" ``` ```conf SSLCertificateKeyFile "/private/etc/apache2/server.key" ``` Within **Terminal**, edit the Virtual Hosts file. 
@@ -170,8 +185,8 @@ NameVirtualHost *:443 SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /private/etc/apache2/ssl/localhost.crt SSLCertificateKeyFile /private/etc/apache2/ssl/localhost.key <Directory "/Users/indieweb/Sites/localhost"> Options Indexes FollowSymLinks @@ -187,4 +202,4 @@ Within **Terminal**, restart Apache. sudo apachectl restart ``` Now, in a **web browser**, visit [https://localhost](https://localhost). The domain should appear trusted, and you should see a message stating that **localhost works!**. -
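Review bot: The paths in this patch do not line up. The config is created as `/etc/apache2/localhost.conf` (`sudo touch`), but both `openssl` steps read `/etc/apache2/ssl/localhost.cnf`; the certificate is written to `/etc/apache2/ssl/localhost.crt`, but `security add-trusted-cert` is given `/etc/apache2/localhost.crt`. Use one directory and one extension throughout. Separately, "generate two Host keys, decrypting the later" describes `openssl rsa -in ... -out /etc/apache2/ssl/localhost.key.rsa`, yet `openssl genrsa` was run without a cipher option and its output is not encrypted, so that step only rewrites the same key; drop it or explain it, and "later" should be "latter".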
jonathantneal revised this gist
Jul 10, 2014 . 1 changed file with 1 addition and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -123,7 +123,7 @@ sudo openssl req -new -nodes -key /etc/apache2/server.key -out /etc/apache2/loca Next, use the Certificate Request to create an SSL Certificate. ```sh sudo openssl x509 -req -days 365 -in /etc/apache2/localhost.csr -signkey /etc/apache2/server.key -out /etc/apache2/localhost.crt -extensions v3_req -extfile /etc/apache2/localhost.conf ``` Finally, add the SSL Certificate to Keychain Access. -
jonathantneal revised this gist
Jul 10, 2014 . 1 changed file with 2 additions and 2 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -91,7 +91,7 @@ Within your editor, add the following configuration, optionally replacing the de [ req ] default_bits = 1024 distinguished_name = req_distinguished_name req_extensions = v3_req [ req_distinguished_name ] countryName = Country Name (2 letter code) @@ -106,7 +106,7 @@ commonName = Common Name (eg, YOUR name) commonName_max = 64 commonName_default = *.localhost [ v3_req ] basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment subjectAltName = @alt_names -
jonathantneal revised this gist
Jul 10, 2014 . 1 changed file with 3 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -104,9 +104,11 @@ organizationName = Organization Name (eg, company) organizationName_default = IndieWebCamp commonName = Common Name (eg, YOUR name) commonName_max = 64 commonName_default = *.localhost [ req_ext ] basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment subjectAltName = @alt_names [ alt_names ] -
jonathantneal revised this gist
Jul 10, 2014 . 1 changed file with 1 addition and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -106,7 +106,7 @@ commonName = Common Name (eg, YOUR name) commonName_max = 64 commonName_default = localhost [ req_ext ] subjectAltName = @alt_names [ alt_names ] -
jonathantneal revised this gist
Jul 10, 2014 . 1 changed file with 4 additions and 3 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -106,11 +106,12 @@ commonName = Common Name (eg, YOUR name) commonName_max = 64 commonName_default = localhost [ v3_req ] subjectAltName = @alt_names [ alt_names ] DNS.1 = localhost DNS.2 = *.localhost ``` Within **Terminal**, generate a Certificate Request using the OpenSSL Configuration. You will be prompted to enter various fields, which you may leave blank. -
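Review bot: The section header in this hunk reads `[ v3_req ]`, while the `[ req ]` section of the initial revision has `req_extensions = req_ext`, so the request now refers to a section name that no longer matches and `subjectAltName = @alt_names` is not reachable from it. Change that line to `req_extensions = v3_req` in the same edit.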
jonathantneal created this gist
Jul 9, 2014
@@ -0,0 +1,187 @@ # Local SSL websites on Mac OSX These instructions will guide you through the process of setting up local, trusted websites on your own computer. These instructions are intended to be used on Mac OSX Mountain Lion and Mavericks. They may also work for Yosemite, but have not been tested. --- ## Configuring Apache Within **Terminal**, start **Apache**. ```sh sudo apachectl start ``` In a **web browser**, visit [http://localhost](http://localhost). You should see a message stating that **It works!**. ### Configuring Apache: Setting up a Virtual Host Within **Terminal**, edit the Apache Configuration. ```sh edit /etc/apache2/httpd.conf ``` Within your editor, uncomment line 478 to enable Virtual Hosts. ```conf Include /private/etc/apache2/extra/httpd-vhosts.conf ``` Within **Terminal**, edit the Virtual Hosts. ```sh edit /etc/apache2/extra/httpd-vhosts.conf ``` Within your editor, add a Virtual Host on line 44, replacing *indieweb* with your user name. ```conf <VirtualHost *:80> ServerName localhost DocumentRoot "/Users/indieweb/Sites/localhost" <Directory "/Users/indieweb/Sites/localhost"> Options Indexes FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> </VirtualHost> ``` Within **Terminal**, restart Apache. ```sh sudo apachectl restart ``` ### Configuring Apache: Creating a Site Within **Terminal**, Create a **Sites** directory, which will be the parent directory of many individual **Site** subdirectories. ```sh mkdir ~/Sites ``` Next, create a **localhost** subdirectory within **Sites**, which will be our first site. ```sh mkdir ~/Sites/localhost ``` Finally, create an HTML document within **localhost**. ```sh echo "<h1>localhost works!</h1>" > ~/Sites/localhost/index.html ``` Now, in a **web browser**, visit [http://localhost](http://localhost). You should see a message stating that **localhost works!**. --- ## Configuring SSL Within **Terminal**, generate a Host key. 
You will be prompted to enter a passphrase which you may leave blank. ```sh sudo ssh-keygen -f /etc/apache2/server.key ``` Next, create and edit an OpenSSL Configuration. ```sh sudo touch /etc/apache2/localhost.conf edit /etc/apache2/localhost.conf ``` Within your editor, add the following configuration, optionally replacing the defaults as you see fit. ```conf [ req ] default_bits = 1024 distinguished_name = req_distinguished_name req_extensions = req_ext [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = US stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = California localityName = Locality Name (eg, city) localityName_default = Los Angeles organizationName = Organization Name (eg, company) organizationName_default = IndieWebCamp commonName = Common Name (eg, YOUR name) commonName_max = 64 commonName_default = localhost [ req_ext ] subjectAltName = @alt_names [ alt_names ] DNS.1 = *.localhost ``` Within **Terminal**, generate a Certificate Request using the OpenSSL Configuration. You will be prompted to enter various fields, which you may leave blank. ```sh sudo openssl req -new -nodes -key /etc/apache2/server.key -out /etc/apache2/localhost.csr -config /etc/apache2/localhost.conf ``` Next, use the Certificate Request to create an SSL Certificate. ```sh sudo openssl x509 -req -days 365 -in /etc/apache2/localhost.csr -signkey /etc/apache2/server.key -out /etc/apache2/localhost.crt ``` Finally, add the SSL Certificate to Keychain Access. ```sh sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /etc/apache2/localhost.crt ``` ### Configuring SSL: Setting up a Trusted Virtual Host Within **Terminal**, edit the Apache Configuration. ```sh edit /etc/apache2/httpd.conf ``` Within your editor, uncomment line 490 to enable Trusted Virtual Hosts. 
```conf Include /private/etc/apache2/extra/httpd-ssl.conf ``` Within **Terminal**, edit the Apache SSL Configuration file. ```sh edit /etc/apache2/extra/httpd-ssl.conf ``` Within your editor, comment out line 120. Next, add the SSL Certificate on line 123. ```conf SSLCertificateFile "/private/etc/apache2/localhost.crt" ``` Within **Terminal**, edit the Virtual Hosts file. ```sh edit /etc/apache2/extra/httpd-vhosts.conf ``` Within your editor, add a **443** VirtualHost Name and **localhost** <VirtualHost> Directive on line 56, replacing *indieweb* with your user name. ```conf NameVirtualHost *:443 <VirtualHost *:443> ServerName localhost DocumentRoot "/Users/indieweb/Sites/localhost" SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /private/etc/apache2/localhost.crt SSLCertificateKeyFile /private/etc/apache2/server.key <Directory "/Users/indieweb/Sites/localhost"> Options Indexes FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> </VirtualHost> ``` Within **Terminal**, restart Apache. ```sh sudo apachectl restart ``` Now, in a **web browser**, visit [https://localhost](https://localhost). You should see a message stating that **localhost works!**.
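Review bot: The signing step `openssl x509 -req -days 365 -in /etc/apache2/localhost.csr -signkey /etc/apache2/server.key -out /etc/apache2/localhost.crt` passes neither `-extfile` nor `-extensions`, and `x509 -req` does not carry extensions over from the request on its own, so the `subjectAltName = @alt_names` entry in `localhost.conf` never reaches the certificate; add `-extensions req_ext -extfile /etc/apache2/localhost.conf`. Also in this hunk, the server key is produced with `sudo ssh-keygen -f /etc/apache2/server.key`, an SSH tool that additionally writes a `.pub` file beside it; `openssl genrsa` is the conventional way to create the key for `SSLCertificateKeyFile`.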