MacOS X: Configure Apache HTTP Server to Support HTTPS

MacOS X 10.8 – Mountain Lion has built in Apache HTTP server as I previously mentioned here. By default, the web server has disabled it’s functionality to handle HTTPS request, it is HTTP over SSL a.k.a Secure HTTP. It is a good idea to test your HTTPS web application on localhost during development. Then enabling HTTPS functionality in Apache web server is a must.

The steps to enable HTTPS functionality in Apache web server is quite straightforward. Assuming you are already logged in as root user in Terminal, follow the following steps:

  1. In a “secure” folder you had chosen to store the SSL certificat, generate a private key by the following command (in my case it is: /var/root/):

    openssl genrsa -des3 -out server.key 1024
  2. You will then see something like the following output, enter your desired pass phrase when asked:
    root@MacBookPro ~$ openssl genrsa -des3 -out server.key 1024
    Generating RSA private key, 1024 bit long modulus
    e is 65537 (0x10001)
    Enter pass phrase for server.key:
    Verifying - Enter pass phrase for server.key:
  3. Next, Generating the CSR (certificate signing request):
    openssl req -new -key server.key -out server.csr
  4. You will then be asked for the following details:
    root@MacBookPro ~$ openssl req -new -key server.key -out server.csr
    Enter pass phrase for server.key:
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    Country Name (2 letter code) [AU]:ID
    State or Province Name (full name) [Some-State]:East Java
    Locality Name (eg, city) []:Malang
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:A-Works, Inc.
    Organizational Unit Name (eg, section) []:
    Common Name (eg, YOUR name) []:Aryo Pinandito
    Email Address []:aryoxp@gmail.comPlease enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:password
    An optional company name []:
  5. Next, generating the self signed certificate:
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
  6. Then you will be asked for your previously entered pass phrase like the following output:
    root@MacBookPro ~$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
    Signature ok
    subject=/C=ID/ST=East Java/L=Malang/O=A-Works, Inc./CN=Aryo Pinandito/
    Getting Private key
    Enter pass phrase for server.key:
  7. There you will see three new files like the following:
    root@MacBookPro ~$ ls -l
    -rw-r--r-- 1 root wheel 928 Feb 6 21:38 server.crt
    -rw-r--r-- 1 root wheel 725 Feb 6 21:38 server.csr
    -rw-r--r-- 1 root wheel 963 Feb 6 21:36 server.key
    root@MacBookPro ~$
  8. Okay, SSL certificate and keys are ready, next configure the Apache web server to support HTTPS and listen to port 443. Point your terminal to directory where Apache httpd.conf file located, mine is (/etc/apache2/httpd/conf). Open the httpd.conf file and make sure mod SSL module is loaded (uncommented).
    LoadModule ssl_module libexec/apache2/

    and uncomment the following line and save your modified httpd.conf file:

    Include /private/etc/apache2/extra/httpd-ssl.conf
  9. Edit the included httpd-ssl.conf and uncomment/edit the following lines to match to your server SSL certificate file:
    SSLEngine on
    SSLCertificateFile "/var/root/server.crt"
    SSLCertificateKeyFile "/var/root/server.key"
  10. Restart your Apache web server:
    httpd -k stop
    httpd -k start
  11. You will be asked for your pass phrase, enter it and your apache web server should ready to serve HTTPS request (listening on port 443). Type the following command to see the server LISTEN status:
    Server Listen Status
  12. Fire up your web browser and go to https://localhost it should show your web server home directory like the following:
    HTTPS on Localhost

Your web server is now ready to support your secure web application development. Don’t hesitate to ask of you have any questions.

This tutorial is intended for educational purpose only and NOT for production use. I’m not responsible to any damage to your computer hardware or software caused by following this tutorial. DO IT AT YOUR OWN RISK!