Create a gist now

Instantly share code, notes, and snippets.

@jfloff /mamp.md
Last active Aug 10, 2018

Embed
What would you like to do?
How to get MAMP to work with SSL ... Yes really.

First of all you need to be able to run MAMP in port 80. This is a "heat check" if you don't have any process jamming http ports. You can check it like this:

sudo lsof | grep LISTEN

If you do happen to have any process with something like this *:http (LISTEN), you are in trouble. Before with adventure check if it isn't MAMP itself (yeah, you should close that beforehand)

ps <pid of that process>

If you don't see MAMP, you are in good hands, I have just the thing for you:

# I've forced the removal of the job
$ launchctl remove org.apache.httpd

# and load it again
$ launchctl load -w /System/Library/LaunchDaemons/org.apache.httpd.plist

# and unload it again
$ launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist

Now you should be able to use port 80 (and almost any other) in MAMP. Just go to MAMP > Preferences > Ports Tab and click the Set to default Apache and MySQL ports.

Now comes the easy part, you just have to follow what this guy wrote here. Well, that's copy that here just in case ...

  1. Backup your /Applications/MAMP/conf/ dir.

  2. Generate a (dummy) SSL Certificate

    $ cd ~
    
    # generate a private key (will request a password twice)
    $ openssl genrsa -des3 -out server.key 1024
     
    # generate certificate signing request (same password as above)
    $ openssl req -new -key server.key -out server.csr
     
    # Answer the questions
    Country Name (2 letter code) [AU]: CA
    State or Province Name (full name) [Some-State]: Quebec
    Locality Name (eg, city) []: Montreal
    Organization Name (eg, company) [Internet Widgits Pty Ltd]: Your Company
    Organizational Unit Name (eg, section) []: Development
    Common Name (eg, YOUR name) []: localhost
    Email Address []: your_email@domain.com
    A challenge password []: # leave this empty
    An optional company name []: # leave this empty
     
    # generate the certificate
    $ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
     
    # remove the password from the server key
    $ cp server.key server.tmp
    $ openssl rsa -in server.tmp -out server.key
     
    # Move the certificate into your MAMP apache configuration folder
    $ cp server.crt /Applications/MAMP/conf/apache
    $ cp server.key /Applications/MAMP/conf/apache
    
  3. Open /Applications/MAMP/conf/apache/httpd.conf and uncomment Include /Applications/MAMP/conf/apache/extra/httpd-ssl.conf.

  4. Keep your vhost in /Applications/MAMP/conf/apache/extra/httpd-vhosts.conf just the same.

  5. In /Applications/MAMP/conf/apache/extra/httpd-ssl.conf, find the following block and edit the fields Server Name and Document Root with the values you already have in your vhost.

    #   General setup for the virtual host
    DocumentRoot "/Applications/MAMP/Library/htdocs"
    ServerName www.example.com:443
    ServerAdmin you@example.com
    ErrorLog "/Applications/MAMP/Library/logs/error_log"
    TransferLog "/Applications/MAMP/Library/logs/access_log"
    and edit in your DocumentRoot and ServerName settings:
    

Happy secure MAMPing!

@michahell

This comment has been minimized.

Show comment
Hide comment
@michahell

michahell Sep 16, 2015

Who are the people developing MAMP?

"hey guys, lets change everything, but not tell anyone so they'll have some fun figuring out how to get things working again."

Unbelievable. Well, changelog then, anyone? ...NOOOOOPE !
https://forum.mamp.info/viewtopic.php?f=2&t=91930
https://www.mamp.info/en/documentation/ (Search for changelog: ....NOOOOOPE).
google 'MAMP changelog': ....NOOOOOPE.

awesome.

Anyway thanks for figuring this out!

oh, double check if everything is well:

? > apachectl OR if you haven't added all MAMP binaries to your path:
? > /Applications/MAMP/bin/apache2/bin/apachectl

michahell commented Sep 16, 2015

Who are the people developing MAMP?

"hey guys, lets change everything, but not tell anyone so they'll have some fun figuring out how to get things working again."

Unbelievable. Well, changelog then, anyone? ...NOOOOOPE !
https://forum.mamp.info/viewtopic.php?f=2&t=91930
https://www.mamp.info/en/documentation/ (Search for changelog: ....NOOOOOPE).
google 'MAMP changelog': ....NOOOOOPE.

awesome.

Anyway thanks for figuring this out!

oh, double check if everything is well:

? > apachectl OR if you haven't added all MAMP binaries to your path:
? > /Applications/MAMP/bin/apache2/bin/apachectl

@purefan

This comment has been minimized.

Show comment
Hide comment
@purefan

purefan Nov 17, 2015

I made some edits to your gist, mostly grammar, so feel free to add them to your gist if you feel they're good enough: https://gist.github.com/purefan/b99b05f22d50abe5a4a1/revisions

purefan commented Nov 17, 2015

I made some edits to your gist, mostly grammar, so feel free to add them to your gist if you feel they're good enough: https://gist.github.com/purefan/b99b05f22d50abe5a4a1/revisions

@staminna

This comment has been minimized.

Show comment
Hide comment
@staminna

staminna Nov 24, 2015

Could someone upload openssl.so somewhere? I had SSL working on MAMP until the file disappeared from my computer and I can't find it anywhere. My PHP version is 5.6.2.

Thank you.

staminna commented Nov 24, 2015

Could someone upload openssl.so somewhere? I had SSL working on MAMP until the file disappeared from my computer and I can't find it anywhere. My PHP version is 5.6.2.

Thank you.

@mark-schaal

This comment has been minimized.

Show comment
Hide comment
@mark-schaal

mark-schaal Jan 13, 2016

This seems find a for a single hosted solution, but if you are running MAMP locally for localhost development, how would you accommodate multiple ServerName declarations if we are only using the default:443 VirtualHost that is provided in the file? Could you just create additional VirtualHosts (logical assumption on my end)?

mark-schaal commented Jan 13, 2016

This seems find a for a single hosted solution, but if you are running MAMP locally for localhost development, how would you accommodate multiple ServerName declarations if we are only using the default:443 VirtualHost that is provided in the file? Could you just create additional VirtualHosts (logical assumption on my end)?

@h311o

This comment has been minimized.

Show comment
Hide comment
@h311o

h311o Jan 23, 2016

When I try and access "https://www.example.com:443", I am accessing an online domain "established to be used for illustrative examples in documents"?

h311o commented Jan 23, 2016

When I try and access "https://www.example.com:443", I am accessing an online domain "established to be used for illustrative examples in documents"?

@sethdaniel

This comment has been minimized.

Show comment
Hide comment
@sethdaniel

sethdaniel Jan 26, 2016

Did not work at all for me.

sethdaniel commented Jan 26, 2016

Did not work at all for me.

@neetumorwani

This comment has been minimized.

Show comment
Hide comment
@neetumorwani

neetumorwani Jan 27, 2016

Very helpful. Worked for me. Thanks a lot.:)

neetumorwani commented Jan 27, 2016

Very helpful. Worked for me. Thanks a lot.:)

@cinder92

This comment has been minimized.

Show comment
Hide comment
@cinder92

cinder92 Feb 16, 2016

what if i have the CRS, CRT, CA files from comodo? how can i generate private key from this files?

cinder92 commented Feb 16, 2016

what if i have the CRS, CRT, CA files from comodo? how can i generate private key from this files?

@jonathanphz

This comment has been minimized.

Show comment
Hide comment
@jonathanphz

jonathanphz May 16, 2016

I've tried this about 8 times already and cannot get it to work - not sure if I'm missing something here.

jonathanphz commented May 16, 2016

I've tried this about 8 times already and cannot get it to work - not sure if I'm missing something here.

@virtualLast

This comment has been minimized.

Show comment
Hide comment
@virtualLast

virtualLast May 25, 2016

Question about point 5. I have loads of accounts set up under vhosts, how do I configure the general vhost setup?

virtualLast commented May 25, 2016

Question about point 5. I have loads of accounts set up under vhosts, how do I configure the general vhost setup?

@herijunior

This comment has been minimized.

Show comment
Hide comment
@herijunior

herijunior Jun 1, 2016

Just in case if you are getting a "404 Not Found The requested URL was not found on this server", just make sure that the DocumentRoot in httpd-ssl.conf is correct, mine was pointing to a useless address. :)

herijunior commented Jun 1, 2016

Just in case if you are getting a "404 Not Found The requested URL was not found on this server", just make sure that the DocumentRoot in httpd-ssl.conf is correct, mine was pointing to a useless address. :)

@trainoasis

This comment has been minimized.

Show comment
Hide comment
@trainoasis

trainoasis Aug 19, 2016

How would I access only one page via virtual host (mypage.local for example) using https ? for me it does not seem to work, and also this forces https - if I try accessing localhost without https it says

Bad Request Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

trainoasis commented Aug 19, 2016

How would I access only one page via virtual host (mypage.local for example) using https ? for me it does not seem to work, and also this forces https - if I try accessing localhost without https it says

Bad Request Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

@waltermulder

This comment has been minimized.

Show comment
Hide comment
@waltermulder

waltermulder Nov 10, 2016

So simple, thank you for this guide

waltermulder commented Nov 10, 2016

So simple, thank you for this guide

@waldemirflj

This comment has been minimized.

Show comment
Hide comment
@waldemirflj

waldemirflj Dec 7, 2016

Pretty easy!!! 😄

waldemirflj commented Dec 7, 2016

Pretty easy!!! 😄

@chrisschwartze

This comment has been minimized.

Show comment
Hide comment
@chrisschwartze

chrisschwartze Feb 23, 2017

Meh, tried everything. Not working for me.

chrisschwartze commented Feb 23, 2017

Meh, tried everything. Not working for me.

@tuannguyenminh2086

This comment has been minimized.

Show comment
Hide comment

tuannguyenminh2086 commented Mar 24, 2017

https://mijingo.com/blog/develop-ssl-sites-locally-with-mamp

Why not buy a MAMP Pro solution? 💃

@AustinRoman

This comment has been minimized.

Show comment
Hide comment
@AustinRoman

AustinRoman Apr 7, 2017

I am currently running macOS 10.12.1 with a purchased version of MAMP Pro 4.1 and I am unable to get MAMP PRO running with an SSL so I tried your advice:
After checking to see if I have any processes running using: sudo lsof | grep LISTEN
I see that I am indeed "in trouble"
What steps should I take now? Thanks in advance.

AustinRoman commented Apr 7, 2017

I am currently running macOS 10.12.1 with a purchased version of MAMP Pro 4.1 and I am unable to get MAMP PRO running with an SSL so I tried your advice:
After checking to see if I have any processes running using: sudo lsof | grep LISTEN
I see that I am indeed "in trouble"
What steps should I take now? Thanks in advance.

@mehdihasan

This comment has been minimized.

Show comment
Hide comment
@mehdihasan

mehdihasan Apr 17, 2017

Thanks for the tutorial. Works nicely for me.

mehdihasan commented Apr 17, 2017

Thanks for the tutorial. Works nicely for me.

@dhonions

This comment has been minimized.

Show comment
Hide comment
@dhonions

dhonions May 1, 2017

MAMP Pro was easy to generate self-signed certs for each host. Except now Chrome v58 won't accept them them without subjectAltName being completed - Mamp seems to be generating certs with CommonName only which renders this Pro feature useless - having to make manual certs sigh.

dhonions commented May 1, 2017

MAMP Pro was easy to generate self-signed certs for each host. Except now Chrome v58 won't accept them them without subjectAltName being completed - Mamp seems to be generating certs with CommonName only which renders this Pro feature useless - having to make manual certs sigh.

@Harry-Harrison

This comment has been minimized.

Show comment
Hide comment
@Harry-Harrison

Harry-Harrison May 19, 2017

I wondered what was going on there, thanks for the heads up @dhonions

Harry-Harrison commented May 19, 2017

I wondered what was going on there, thanks for the heads up @dhonions

@astewes

This comment has been minimized.

Show comment
Hide comment
@astewes

astewes Jun 7, 2017

How would I undo the changes stemming from the (dummy) SSL Certificate documented in your walkthrough? Ever since making these changes, I'm having issues navigating between http/https, even when MAMP isn't running.

astewes commented Jun 7, 2017

How would I undo the changes stemming from the (dummy) SSL Certificate documented in your walkthrough? Ever since making these changes, I'm having issues navigating between http/https, even when MAMP isn't running.

@n8jadams

This comment has been minimized.

Show comment
Hide comment
@n8jadams

n8jadams Jun 24, 2017

This did not work for me. The encryption of the self-signed certificate wasn't strong enough and @dhonions mentioned, you need a subjectAltName. I figured out how to do this using a bunch of different sources. Here is my solution.

  1. In the MAMP Preferences<Ports set Apache Port to 80
  2. Run the following commands in the terminal:
$ openssl req -new -sha256 -key server.key -subj "/C=US/ST=CA/O=Acme, Inc./CN=example.com" -reqexts SAN -config <(cat /System/Library/OpenSSL/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:localhost")) -out server.csr
$ cp server.crt /Applications/MAMP/conf/apache
$ cp server.key /Applications/MAMP/conf/apache
  1. Open /Applications/MAMP/conf/apache/httpd.conf and uncomment Include /Applications/MAMP/conf/apache/extra/httpd-ssl.conf. (Remove the number sign symbol at the beginning of that line)
  2. Open /Applications/MAMP/conf/apache/extra/httpd-ssl.conf and replace everything within the <VirtualHost...> tags (it's a pretty big block of text) with the following code:
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /Applications/MAMP/conf/apache/server.crt
    SSLCertificateKeyFile /Applications/MAMP/conf/apache/server.key
</VirtualHost>
  1. Hit Command (⌘) + Spacebar and type Keychain Access to open Keychain Access.
  2. Click the lock and enter your password
  3. Click System
  4. Click File<Import Items
  5. Browse to the server.crt file and import it.
  6. You should see a localhost certificate appear. Right click it and select "Get Info". Then click "Trust" and set "When using this certificate" to "Always Trust."

Restart your browsers and open https://localhost. It should work.

n8jadams commented Jun 24, 2017

This did not work for me. The encryption of the self-signed certificate wasn't strong enough and @dhonions mentioned, you need a subjectAltName. I figured out how to do this using a bunch of different sources. Here is my solution.

  1. In the MAMP Preferences<Ports set Apache Port to 80
  2. Run the following commands in the terminal:
$ openssl req -new -sha256 -key server.key -subj "/C=US/ST=CA/O=Acme, Inc./CN=example.com" -reqexts SAN -config <(cat /System/Library/OpenSSL/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:localhost")) -out server.csr
$ cp server.crt /Applications/MAMP/conf/apache
$ cp server.key /Applications/MAMP/conf/apache
  1. Open /Applications/MAMP/conf/apache/httpd.conf and uncomment Include /Applications/MAMP/conf/apache/extra/httpd-ssl.conf. (Remove the number sign symbol at the beginning of that line)
  2. Open /Applications/MAMP/conf/apache/extra/httpd-ssl.conf and replace everything within the <VirtualHost...> tags (it's a pretty big block of text) with the following code:
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /Applications/MAMP/conf/apache/server.crt
    SSLCertificateKeyFile /Applications/MAMP/conf/apache/server.key
</VirtualHost>
  1. Hit Command (⌘) + Spacebar and type Keychain Access to open Keychain Access.
  2. Click the lock and enter your password
  3. Click System
  4. Click File<Import Items
  5. Browse to the server.crt file and import it.
  6. You should see a localhost certificate appear. Right click it and select "Get Info". Then click "Trust" and set "When using this certificate" to "Always Trust."

Restart your browsers and open https://localhost. It should work.

@madebycaliper

This comment has been minimized.

Show comment
Hide comment
@madebycaliper

madebycaliper Jul 11, 2017

For multiple local SSL vhosts/ServerNames:

In order for Apache to recognize different virual hosts over SSL you need to use NameVirtualHost and turn off "Strict SNI". Essentially, you need the following at the top of your httpd-ssl.conf file:

# Ensure that Apache listens on port 443
Listen 443
    
# Listen for virtual host requests on all IP addresses
NameVirtualHost *:443

# Go ahead and accept connections for these vhosts
# from non-SNI clients
SSLStrictSNIVHostCheck off

and then make sure each of your vhost nodes are declared with the following tag:

<VirtualHost *:443>

Note : The browser you're using also needs to support SNI.

All of this was taken from this page in the Apache docs:
https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

madebycaliper commented Jul 11, 2017

For multiple local SSL vhosts/ServerNames:

In order for Apache to recognize different virual hosts over SSL you need to use NameVirtualHost and turn off "Strict SNI". Essentially, you need the following at the top of your httpd-ssl.conf file:

# Ensure that Apache listens on port 443
Listen 443
    
# Listen for virtual host requests on all IP addresses
NameVirtualHost *:443

# Go ahead and accept connections for these vhosts
# from non-SNI clients
SSLStrictSNIVHostCheck off

and then make sure each of your vhost nodes are declared with the following tag:

<VirtualHost *:443>

Note : The browser you're using also needs to support SNI.

All of this was taken from this page in the Apache docs:
https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

@seandelaney

This comment has been minimized.

Show comment
Hide comment
@seandelaney

seandelaney Sep 13, 2017

Worked perfectly!

seandelaney commented Sep 13, 2017

Worked perfectly!

@alexanderbapo

This comment has been minimized.

Show comment
Hide comment
@alexanderbapo

alexanderbapo Sep 27, 2017

@jfloff thank you for the solution! I did it and it didn't fully work, until I changed on macOS Keychain Access as per @n8jadams 's comment. Thank you both! For anyone stuck -> I did everything in the main gist, then after it didn't work I did everything in @n8jadams comment from Step #4

alexanderbapo commented Sep 27, 2017

@jfloff thank you for the solution! I did it and it didn't fully work, until I changed on macOS Keychain Access as per @n8jadams 's comment. Thank you both! For anyone stuck -> I did everything in the main gist, then after it didn't work I did everything in @n8jadams comment from Step #4

@virtualLast

This comment has been minimized.

Show comment
Hide comment
@virtualLast

virtualLast Oct 2, 2017

@n8jadams I followed your steps but in chrome I am still getting a not secure red coloured icon instead of the nice green have you any ideas?

virtualLast commented Oct 2, 2017

@n8jadams I followed your steps but in chrome I am still getting a not secure red coloured icon instead of the nice green have you any ideas?

@bonified2x

This comment has been minimized.

Show comment
Hide comment
@bonified2x

bonified2x Oct 19, 2017

The missing step is to remember to add an http 80 host to your root https://becomethesolution.com/blogs/mac/fix-mamp-and-http-to-https-traffic-redirects

bonified2x commented Oct 19, 2017

The missing step is to remember to add an http 80 host to your root https://becomethesolution.com/blogs/mac/fix-mamp-and-http-to-https-traffic-redirects

@dep

This comment has been minimized.

Show comment
Hide comment
@dep

dep Nov 29, 2017

You lost me with steps 4 and 5.

find the following block and edit the fields Server Name and Document Root with the values you already have in your vhost.

My /Applications/MAMP/conf/apache/extra/httpd-vhosts.conf file looks like this... Would I copy those two rows over as they appear below?

<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/Applications/MAMP/Library/docs/dummy-host.example.com"
ServerName dummy-host.example.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/dummy-host.example.com-error_log"
CustomLog "logs/dummy-host.example.com-access_log" common

<VirtualHost *:80>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "/Applications/MAMP/Library/docs/dummy-host2.example.com"
ServerName dummy-host2.example.com
ErrorLog "logs/dummy-host2.example.com-error_log"
CustomLog "logs/dummy-host2.example.com-access_log" common

dep commented Nov 29, 2017

You lost me with steps 4 and 5.

find the following block and edit the fields Server Name and Document Root with the values you already have in your vhost.

My /Applications/MAMP/conf/apache/extra/httpd-vhosts.conf file looks like this... Would I copy those two rows over as they appear below?

<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/Applications/MAMP/Library/docs/dummy-host.example.com"
ServerName dummy-host.example.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/dummy-host.example.com-error_log"
CustomLog "logs/dummy-host.example.com-access_log" common

<VirtualHost *:80>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "/Applications/MAMP/Library/docs/dummy-host2.example.com"
ServerName dummy-host2.example.com
ErrorLog "logs/dummy-host2.example.com-error_log"
CustomLog "logs/dummy-host2.example.com-access_log" common

@saki1001

This comment has been minimized.

Show comment
Hide comment
@saki1001

saki1001 Dec 20, 2017

Thank you, worked perfectly and saved my butt!

saki1001 commented Dec 20, 2017

Thank you, worked perfectly and saved my butt!

@flynam

This comment has been minimized.

Show comment
Hide comment
@flynam

flynam Feb 1, 2018

Excellent! Thanks a million.

flynam commented Feb 1, 2018

Excellent! Thanks a million.

@BenCook28

This comment has been minimized.

Show comment
Hide comment
@BenCook28

BenCook28 Mar 22, 2018

@dep I kept httpd.conf the same, changed httpd-ssl.conf's ServerName to localhost:443, and changed my httpd-ssl.conf's ServerAdmin to my work email address and I got SSL working. Then to get around a Chrome warning, I clicked Advanced, and then the option to proceed anyway.

BenCook28 commented Mar 22, 2018

@dep I kept httpd.conf the same, changed httpd-ssl.conf's ServerName to localhost:443, and changed my httpd-ssl.conf's ServerAdmin to my work email address and I got SSL working. Then to get around a Chrome warning, I clicked Advanced, and then the option to proceed anyway.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment