OSX Apache and Mod_ssl

This one always gets me. Seems so difficult on OSX (Snow Leopard), so for all those who are trying to get https on the base install of apache(2) in snow leopard here are some tips.

Self signed SSL Cert generation in a terminal type:

  1. openssl genrsa -des3 -out server.key 1024
  2. openssl req -new -key server.key -out server.csr
  3. openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
  4. cp server.key server.key.bak
  5. openssl rsa -in server.key.bak -out server.key

The defaults are fine for a development environment, but of course you can enter in specifics if you need. I do recommend at least entering a common name (CN) though. You'll have to enter in a pass phrase in the first line and again in some of the subsequent commands.

Once you've run this you'll end up with the two all important files, the ssl certificate file (server.crt) and the ssl certificate key file (server.key). You need to point the apache configuration to these files.

sudo vim /etc/apache2/extra/httpd-ssl.conf

Find and edit the two lines below, to point to the files you generated above:

  1. SSLCertificateFile "/private/etc/apache2/server.crt"
  2. SSLCertificateKeyFile "/private/etc/apache2/server.key"

Next check that the mod ssl and ssl configuration is included in your apache configuration:

sudo vim /etc/apache2/httpd.conf

And check the following lines exist and aren't commented out:

  1. LoadModule ssl_module libexec/apache2/mod_ssl.so
  2. Include /private/etc/apache2/extra/httpd-ssl.conf

And finally you'll need to restart apache to get the new configuration loaded.

sudo apachectl restart

And that should be it, you should now be able to browse to https://localhost/. As it is a self signed certificate expect to click through a few warnings.

Happy SSLing.

Published by



Leave a Reply

Your email address will not be published. Required fields are marked *