This one always gets me. Seems so difficult on OSX (Snow Leopard), so for all those who are trying to get https on the base install of apache(2) in snow leopard here are some tips.
Self signed SSL Cert generation in a terminal type:
- openssl genrsa -des3 -out server.key 1024
- openssl req -new -key server.key -out server.csr
- openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
- cp server.key server.key.bak
- openssl rsa -in server.key.bak -out server.key
The defaults are fine for a development environment, but of course you can enter in specifics if you need. I do recommend at least entering a common name (CN) though. You'll have to enter in a pass phrase in the first line and again in some of the subsequent commands.
Once you've run this you'll end up with the two all important files, the ssl certificate file (server.crt) and the ssl certificate key file (server.key). You need to point the apache configuration to these files.
sudo vim /etc/apache2/extra/httpd-ssl.conf
Find and edit the two lines below, to point to the files you generated above:
- SSLCertificateFile "/private/etc/apache2/server.crt"
- SSLCertificateKeyFile "/private/etc/apache2/server.key"
Next check that the mod ssl and ssl configuration is included in your apache configuration:
sudo vim /etc/apache2/httpd.conf
And check the following lines exist and aren't commented out:
- LoadModule ssl_module libexec/apache2/mod_ssl.so
- Include /private/etc/apache2/extra/httpd-ssl.conf
And finally you'll need to restart apache to get the new configuration loaded.
sudo apachectl restart
And that should be it, you should now be able to browse to https://localhost/. As it is a self signed certificate expect to click through a few warnings.