I use a MacBook Pro (MBP) to develop a SaaS product that runs on PHP and Apache. Some pages, such as login forms, require SSL. For years, up until yesterday, I had to specially configure my local development machine to specifically not use SSL during testing because I had not set up the laptop to support SSL. However, yesterday I finally did it! Here’s how I did it, in case it is a benefit to anyone.

I need two domains for my purposes: one for the app itself and another one for the CDN server. So I figured out how to set up two SSL vhosts on the same MAMP Apache server.

Using these instructions, you’ll be able to use https://anysubdomain.fake-domain-1.com/ and https://fake-domain-2.com:4043/ for testing locally. There must be a way to get around using the different port for the second vhost, but I couldn’t figure it out. But it works! If you want to add on more SSL vhosts, I’m sure you could just use different ports.

On the MBP, I run MAMP (the free version).

Setup Local Domains

I test my app locally using fake domain names. First, you need to establish your fake domain name as a local domain. To do so, you need to add it to your hosts file.

To open up your hosts file in TextEdit while logged in with root permission, enter the following in Terminal:

sudo /Applications/TextEdit.app/Contents/MacOS/TextEdit /etc/hosts

Your hosts file might look something like this:

127.0.0.1    localhost
255.255.255.255    broadcasthost
::1             localhost
fe80::1%lo0    localhost
127.0.0.1 mamp fake-domain-1.com anysubdomain.fake-domain-1.com fake-domain-2.com

Just add the domains you want after 127.0.0.1 mamp. Once you update your hosts file, you’ll need to enter this in Terminal.

dscacheutil -flushcache

Create Self-Signed SSL Certificates

Create a directory to store your SSL certificates at:

/Applications/MAMP/conf/apache/ssl

Then create directories in this folder for your various local domains:

/Applications/MAMP/conf/apache/ssl/fake-domain-1.com
/Applications/MAMP/conf/apache/ssl/fake-domain-2.com

Log into Terminal. Sign in as root by using the su command. cd to one of the directories you just made and enter in these commands taken from Justin Samuel’s website. When you are prompted for a Common Name, enter “*.fake-domain.com” (where, of course, you substitute the domain you want to use). The * makes it a wildcard certificate for use with any subdomain on that domain. And don’t forget to enter a valid email address when asked for it. I just hit enter the first time I tried it and no files were generated.

(umask 077 && touch host.key host.cert host.info host.pem)
openssl genrsa 2048 > host.key
openssl req -new -x509 -nodes -sha1 -days 3650 -key host.key >  host.cert
openssl x509 -noout -fingerprint -text < host.cert > host.info
cat host.cert host.key > host.pem
chmod 400 host.key host.pem
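
A wildcard Common Name such as *.fake-domain-1.com stands for exactly one label to the left of the domain, so it covers neither the bare domain nor a nested subdomain. The following is an added example, not part of the original post or of the commands quoted above; the helper names and the sample hosts line are constructed for illustration.

```shell
#!/bin/sh
# Added example (helper names are hypothetical): which local hostnames does a
# certificate name pattern cover? Names are assumed to be lowercase.

# Return 0 if pattern $1 covers hostname $2. A leading "*." stands for
# exactly one DNS label, so it matches neither the bare domain nor a.b.domain.
cert_name_covers() {
    pattern=$1 host=$2
    case $pattern in
        '*.'*)
            suffix=${pattern#\*}                  # e.g. ".fake-domain-1.com"
            label=${host%"$suffix"}               # text left of the suffix
            [ "$label" != "$host" ] || return 1   # host lacks the suffix
            [ -n "$label" ] || return 1           # nothing before the suffix
            case $label in *.*) return 1 ;; esac  # more than one label
            return 0 ;;
        *)  [ "$pattern" = "$host" ] ;;
    esac
}

# Read hosts-file text on stdin and print every name mapped to 127.0.0.1
# that none of the patterns given as arguments covers.
uncovered_hosts() {
    while read -r addr names; do
        [ "$addr" = "127.0.0.1" ] || continue
        for h in ${names%%#*}; do
            ok=no
            for p in "$@"; do
                if cert_name_covers "$p" "$h"; then ok=yes; break; fi
            done
            [ "$ok" = yes ] || printf '%s\n' "$h"
        done
    done
}

# Constructed sample: the 127.0.0.1 line from the hosts file shown earlier.
SAMPLE_HOSTS='127.0.0.1 mamp fake-domain-1.com anysubdomain.fake-domain-1.com fake-domain-2.com'

# Prints the names that neither wildcard pattern covers.
printf '%s\n' "$SAMPLE_HOSTS" | uncovered_hosts '*.fake-domain-1.com' '*.fake-domain-2.com'
```

For a vhost served on the bare domain, pass the bare name as the pattern instead of the wildcard to see it drop out of the list.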

Configure Apache

Edit the Apache config file at /Applications/MAMP/conf/apache/httpd.conf. Add this or uncomment relevant lines.

LoadModule ssl_module modules/mod_ssl.so
<IfModule mod_ssl.c>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/Applications/MAMP/logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/Applications/MAMP/logs/ssl_mutex
<VirtualHost *:443>
ServerName fake-domain-1.com:443
ServerAdmin you@fake-domain-1.com
ServerAlias *.fake-domain-1.com
VirtualDocumentRoot /Applications/MAMP/htdocs/fake-domain-1.com/%-3+
ErrorLog /Applications/MAMP/logs/ssl_error_log
TransferLog /Applications/MAMP/logs/ssl_access_log
AddDefaultCharset utf-8
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /Applications/MAMP/conf/apache/ssl/fake-domain-1.com/host.cert
SSLCertificateKeyFile /Applications/MAMP/conf/apache/ssl/fake-domain-1.com/host.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>

Listen 4043

<VirtualHost *:4043>
 ServerName fake-domain-2.com
 ServerAdmin you@fake-domain-2.com
 DocumentRoot "/Applications/MAMP/htdocs/fake-domain-2.com"

 SSLEngine on
 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 SSLCertificateFile /Applications/MAMP/conf/apache/ssl/fake-domain-2.com/host.cert
 SSLCertificateKeyFile /Applications/MAMP/conf/apache/ssl/fake-domain-2.com/host.key
 SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

</VirtualHost>
</IfModule>
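
The SSLCipherSuite string in both vhosts starts from ALL and excludes only anonymous DH and 56-bit export suites; the +LOW, +SSLv2, +EXP and +eNULL entries move those classes to the end of the preference order rather than removing them. As an added example (not part of the original post), the check below flags weak classes that a cipher string names without excluding; the function name, the sample config and the stricter string HIGH:!aNULL:!MD5 used as the clean case are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper): flag weak cipher classes that an
# SSLCipherSuite directive names without excluding them.

# Reads Apache config from the files given as arguments, or from stdin.
# Prints "<line number>: <token>" for every weak class that is selected.
# Heuristic: a class counts as selected unless it is prefixed with ! or -.
weak_cipher_tokens() {
    awk '
    tolower($1) == "sslciphersuite" {
        n = split($2, tok, ":")
        for (i = 1; i <= n; i++) {
            t = tok[i]
            if (t ~ /^[!-]/) continue      # exclusion, nothing to flag
            sub(/^\+/, "", t)              # "+X" reorders X, X stays named
            m = split(t, part, "+")        # "RC4+RSA" means RC4 and RSA
            for (j = 1; j <= m; j++)
                if (part[j] ~ /^(ALL|LOW|EXP|EXPORT.*|SSLv2|eNULL|NULL|aNULL|ADH|RC4)$/)
                    printf "%d: %s\n", NR, part[j]
        }
    }' "$@"
}

# Constructed sample: the cipher string from the config above in the first
# vhost, and a stricter string (an assumption) in the second.
SAMPLE_CONF='<VirtualHost *:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
</VirtualHost>
<VirtualHost *:4043>
 SSLEngine on
 SSLCipherSuite HIGH:!aNULL:!MD5
</VirtualHost>'

# Only line 3 of the sample is reported; the stricter string is clean.
printf '%s\n' "$SAMPLE_CONF" | weak_cipher_tokens
```

To check the real file, run weak_cipher_tokens /Applications/MAMP/conf/apache/httpd.conf after sourcing the function.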

Restart Apache

You can use the MAMP tool to restart servers.

Accept Self-Signed Certs in Firefox

Try out your domain on https in your browser. It will throw an error, but if you add an exception to use the cert you won’t get any more errors.

In order to accept the self-signed certificates in Firefox you’ll do the following. Go to the URLs at https://anysubdomain.fake-domain-1.com/ and https://fake-domain-2.com:4043/ using Firefox. Firefox will tell you that the connection is untrusted.

Click on “I Understand the Risks”.

Then click on “Add Exception”.

Wait a while for the cert to load up, then click on “Confirm Security Exception”.

Do this for all the domains you’ve set up.
