I use a MacBook Pro (MBP) to develop a SaaS product that runs on PHP and Apache. Some pages, such as login forms, require SSL. For years, up until yesterday, I had to specially configure my local development machine to specifically not use SSL during testing because I had not set up the laptop to support SSL. However, yesterday I finally did it! Here’s how I did it, in case it is a benefit to anyone.
I need two domains for my purposes: one for the app itself and another one for the CDN server. So I figured out how to set up two SSL vhosts on the same MAMP Apache server.
Using these instructions, you’ll be able to use https://anysubdomain.fake-domain-1.com/ and https://fake-domain-2.com:4043/ for testing locally. There must be a way to get around using the different port for the second vhost, but I couldn’t figure it out. But it works! If you want to add on more SSL vhosts, I’m sure you could just use different ports.
On the MBP, I run MAMP (the free version).
Setup Local Domains
I test my app locally using fake domain names. First, you need to establish your fake domain name as a local domain. To do so, you need to add it to your hosts file.
To open up your hosts file in TextEdit while logged in with root permission, enter the following in Terminal:
sudo /Applications/TextEdit.app/Contents/MacOS/TextEdit /etc/hosts
Your hosts files might look something like this:
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
127.0.0.1 mamp fake-domain-1.com anysubdomain.fake-domain-1.com fake-domain-2.com
Just add the domains you want after 127.0.0.1 mamp. Once you update your hosts file, you’ll need to enter this in Terminal.
dscacheutil -flushcache
Create Self-Signed SSL Certificates
Create a directory to store your SSL certificates at:
Then create directories in this folder for your various local domains:
Log into Terminal. Sign in as root by using the su command. cd to one of the directories you just made and enter in these commands taken from Justin Samuel’s website. When you are prompted for a Common Name, enter “*.fake-domain.com” (where, of course, you substitute the domain you want to use). The * makes it a wildcard certificate for use with any subdomain on that domain. And don’t forget to enter a valid email address when asked for it. I just hit enter the first time I tried it and no files were generated.
(umask 077 && touch host.key host.cert host.info host.pem)
openssl genrsa 2048 > host.key
openssl req -new -x509 -nodes -sha1 -days 3650 -key host.key > host.cert
openssl x509 -noout -fingerprint -text < host.cert > host.info
cat host.cert host.key > host.pem
chmod 400 host.key host.pem
Edit the Apache config file at /Applications/MAMP/conf/apache/httpd.conf. Add this or uncomment relevant lines.
LoadModule ssl_module modules/mod_ssl.so
<IfModule mod_ssl.c>
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    Listen 443
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
    SSLPassPhraseDialog builtin
    SSLSessionCache dbm:/Applications/MAMP/logs/ssl_scache
    SSLSessionCacheTimeout 300
    SSLMutex file:/Applications/MAMP/logs/ssl_mutex

    <VirtualHost *:443>
        ServerName fake-domain-1.com:443
        ServerAdmin firstname.lastname@example.org
        ServerAlias *.fake-domain-1.com
        VirtualDocumentRoot /Applications/MAMP/htdocs/fake-domain-1.com/%-3+
        ErrorLog /Applications/MAMP/logs/ssl_error_log
        TransferLog /Applications/MAMP/logs/ssl_access_log
        AddDefaultCharset utf-8
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /Applications/MAMP/conf/apache/ssl/fake-domain-1.com/host.cert
        SSLCertificateKeyFile /Applications/MAMP/conf/apache/ssl/fake-domain-1.com/host.key
        SetEnvIf User-Agent ".*MSIE*." nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    </VirtualHost>

    Listen 4043
    <VirtualHost *:4043>
        ServerName fake-domain-2.com
        ServerAdmin email@example.com
        DocumentRoot "/Applications/MAMP/htdocs/fake-domain-2.com"
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /Applications/MAMP/conf/apache/ssl/fake-domain-2.com/host.cert
        SSLCertificateKeyFile /Applications/MAMP/conf/apache/ssl/fake-domain-2.com/host.key
        SetEnvIf User-Agent ".*MSIE*." nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    </VirtualHost>
</IfModule>
You can use the MAMP tool to restart servers.
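The SSLCipherSuite string in the configuration above starts from ALL and removes only ADH and EXPORT56; the entries prefixed with + only reorder ciphers that are already in the list. The shell function below is an added example, not part of the original post: it reports which weak cipher classes such a string leaves enabled. The checklist of weak classes, the function names and the tightened string on sample line 2 are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. The checklist of weak cipher
# classes is an assumption picked for this example, not an exhaustive list.
WEAK_CLASSES="eNULL EXP LOW RC4 MD5 SSLv2"

# audit_cipher_suites FILE
# Prints "<line>:<class>" for each weak class that an SSLCipherSuite string
# leaves enabled. Tokens are applied in order, as OpenSSL does:
#   CLASS adds, !CLASS removes for good, -CLASS removes, +CLASS only reorders.
audit_cipher_suites() {
    awk -v weak="$WEAK_CLASSES" '
        BEGIN { nweak = split(weak, w, " ") }
        tolower($1) == "sslciphersuite" {
            split("", on); split("", killed)
            n = split($2, tok, ":")
            for (i = 1; i <= n; i++) {
                t = tok[i]
                if (t ~ /^\+/) continue                      # reorder only
                if (t ~ /^!/) { killed[substr(t, 2)] = 1; continue }
                if (t ~ /^-/) { delete on[substr(t, 2)]; continue }
                if (t == "ALL") {                            # everything except eNULL
                    for (k = 1; k <= nweak; k++)
                        if (w[k] != "eNULL") on[w[k]] = 1
                    continue
                }
                m = split(t, part, "+")                      # e.g. RC4+RSA
                for (j = 1; j <= m; j++) on[part[j]] = 1
            }
            for (k = 1; k <= nweak; k++)
                if ((w[k] in on) && !(w[k] in killed)) print NR ":" w[k]
        }
    ' "$1"
}

# Constructed sample: line 1 is the cipher string used in this post,
# line 2 is a tightened string (an assumption, adjust to your OpenSSL build).
sample_conf() {
    cat <<'EOF'
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4
EOF
}

conf=$(mktemp) && sample_conf > "$conf"
audit_cipher_suites "$conf"    # reports EXP, LOW, RC4, MD5, SSLv2 for line 1 only
rm -f "$conf"
```

Point the function at /Applications/MAMP/conf/apache/httpd.conf after editing it; an empty result means none of the checklist classes is left enabled.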
Accept Self-Signed Certs in Firefox
Try out your domain on https in your browser. It will throw an error, but if you add an exception to use the cert you won’t get any more errors.
In order to accept the self-signed certificates in Firefox you’ll do the following. Go to the URLs at https://anysubdomain.fake-domain-1.com/ and https://fake-domain-2.com:4043/ using Firefox. Firefox will tell you that the connection is untrusted.
Click on “I Understand the Risks”.
Wait a while for the cert to load up, then click on “Confirm Security Exception”.
Do this for all the domains you’ve set up.