MacOS X 10.8 – Mountain Lion has built in Apache HTTP server as I previously mentioned here. By default, the web server has disabled it’s functionality to handle HTTPS request, it is HTTP over SSL a.k.a Secure HTTP. It is a good idea to test your HTTPS web application on localhost during development. Then enabling HTTPS functionality in Apache web server is a must.
The steps to enable HTTPS functionality in Apache web server is quite straightforward. Assuming you are already logged in as root user in Terminal, follow the following steps:
- In a “secure” folder you had chosen to store the SSL certificat, generate a private key by the following command (in my case it is:
openssl genrsa -des3 -out server.key 1024
- You will then see something like the following output, enter your desired pass phrase when asked:
root@MacBookPro ~$ openssl genrsa -des3 -out server.key 1024 Generating RSA private key, 1024 bit long modulus .............................................................++++++ .......++++++ e is 65537 (0x10001) Enter pass phrase for server.key: Verifying - Enter pass phrase for server.key:
- Next, Generating the CSR (certificate signing request):
openssl req -new -key server.key -out server.csr
- You will then be asked for the following details:
root@MacBookPro ~$ openssl req -new -key server.key -out server.csr Enter pass phrase for server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:ID State or Province Name (full name) [Some-State]:East Java Locality Name (eg, city) :Malang Organization Name (eg, company) [Internet Widgits Pty Ltd]:A-Works, Inc. Organizational Unit Name (eg, section) : Common Name (eg, YOUR name) :Aryo Pinandito Email Address :email@example.comPlease enter the following 'extra' attributes to be sent with your certificate request A challenge password :password An optional company name :
- Next, generating the self signed certificate:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
- Then you will be asked for your previously entered pass phrase like the following output:
root@MacBookPro ~$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt Signature ok subject=/C=ID/ST=East Java/L=Malang/O=A-Works, Inc./CN=Aryo Pinandito/emailAddressfirstname.lastname@example.org Getting Private key Enter pass phrase for server.key:
- There you will see three new files like the following:
root@MacBookPro ~$ ls -l ... -rw-r--r-- 1 root wheel 928 Feb 6 21:38 server.crt -rw-r--r-- 1 root wheel 725 Feb 6 21:38 server.csr -rw-r--r-- 1 root wheel 963 Feb 6 21:36 server.key root@MacBookPro ~$
- Okay, SSL certificate and keys are ready, next configure the Apache web server to support HTTPS and listen to port 443. Point your terminal to directory where Apache
httpd.conffile located, mine is (/etc/apache2/httpd/conf). Open the
httpd.conffile and make sure mod SSL module is loaded (uncommented).
LoadModule ssl_module libexec/apache2/mod_ssl.so
and uncomment the following line and save your modified
- Edit the included httpd-ssl.conf and uncomment/edit the following lines to match to your server SSL certificate file:
SSLEngine on SSLCertificateFile "/var/root/server.crt" SSLCertificateKeyFile "/var/root/server.key"
- Restart your Apache web server:
httpd -k stop httpd -k start
- You will be asked for your pass phrase, enter it and your apache web server should ready to serve HTTPS request (listening on port 443). Type the following command to see the server LISTEN status:
- Fire up your web browser and go to https://localhost it should show your web server home directory like the following:
Your web server is now ready to support your secure web application development. Don’t hesitate to ask of you have any questions.
This tutorial is intended for educational purpose only and NOT for production use. I’m not responsible to any damage to your computer hardware or software caused by following this tutorial. DO IT AT YOUR OWN RISK!