Create a gist now

Instantly share code, notes, and snippets.

Embed
Local SSL websites on macOS Sierra

Local SSL websites on macOS Sierra

These instructions will guide you through the process of setting up local, trusted websites on your own computer.

These instructions are intended to be used on macOS Sierra, but they have been known to work in El Capitan, Yosemite, Mavericks, and Mountain Lion.

NOTE: You may substitute the edit command for nano, vim, or whatever the editor of your choice is. Personally, I forward the edit command to Sublime Text:

alias edit="/Applications/Sublime\ Text.app/Contents/SharedSupport/bin/subl"

Configuring Apache

Within Terminal, start Apache.

sudo apachectl start

In a web browser, visit http://localhost. You should see a message stating that It works!.

Configuring Apache: Setting up a Virtual Host

Within Terminal, edit the Apache Configuration.

edit /etc/apache2/httpd.conf

Within the editor, replace line 212 to supress messages about the server’s fully qualified domain name.

ServerName localhost

Next, uncomment line 160 and line 499 to enable Virtual Hosts.

LoadModule vhost_alias_module libexec/apache2/mod_vhost_alias.so
Include /private/etc/apache2/extra/httpd-vhosts.conf

Optionally, uncomment line 169 to enable PHP.

LoadModule php5_module libexec/apache2/libphp5.so

Within Terminal, edit the Virtual Hosts configuration.

edit /etc/apache2/extra/httpd-vhosts.conf

Within the editor, replace the entire contents of this file with the following, replacing indieweb with your user name.

<VirtualHost *:80>
    ServerName localhost
    DocumentRoot "/Users/indieweb/Sites/localhost"

    <Directory "/Users/indieweb/Sites/localhost">
        Options Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>
</VirtualHost>

Within Terminal, restart Apache.

sudo apachectl restart

Configuring Apache: Creating a Site

Within Terminal, create a Sites parent directory and a localhost subdirectory, which will be our first site.

mkdir -p ~/Sites/localhost

Next, create a test HTML document within localhost.

echo "<h1>localhost works</h1>" > ~/Sites/localhost/index.html

Now, in a web browser, visit http://localhost. You should see a message stating that localhost works.


Configuring SSL

Within Terminal, create an SSL directory.

sudo mkdir /etc/apache2/ssl

Next, generate a private key and certificate for your site.

sudo openssl genrsa -out /etc/apache2/ssl/localhost.key 2048
sudo openssl req -new -x509 -key /etc/apache2/ssl/localhost.key -out /etc/apache2/ssl/localhost.crt -days 3650 -subj /CN=localhost

Finally, add the certificate to Keychain Access.

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /etc/apache2/ssl/localhost.crt

Configuring SSL: Setting up a Trusted Virtual Host

Within Terminal, edit the Apache Configuration.

edit /etc/apache2/httpd.conf

Within the editor, uncomment lines 89 and 143 to enable modules required by HTTPS.

LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so
LoadModule ssl_module libexec/apache2/mod_ssl.so

Next, uncomment line 516 to enable Trusted Virtual Hosts.

Include /private/etc/apache2/extra/httpd-ssl.conf

Back in Terminal, edit the Virtual Hosts configuration.

edit /etc/apache2/extra/httpd-vhosts.conf

Within the editor, add a 443 VirtualHost Name and localhost Directive at the end of the file, replacing indieweb with your user name.

<VirtualHost *:443>
    ServerName localhost
    DocumentRoot "/Users/indieweb/Sites/localhost"

    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl/localhost.crt
    SSLCertificateKeyFile /etc/apache2/ssl/localhost.key

    <Directory "/Users/indieweb/Sites/localhost">
        Options Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>
</VirtualHost>

Back in Terminal, edit the SSL configuration.

edit /etc/apache2/extra/httpd-ssl.conf

Next, comment line 144 and 154 to skip the default Server Certificate and Server Private Key.

#SSLCertificateFile "/private/etc/apache2/server.crt"
#SSLCertificateKeyFile "/private/etc/apache2/server.key"

Next, beneath the commented certificates or keys, add references to your certificate and key.

SSLCertificateFile "/etc/apache2/ssl/localhost.crt"
SSLCertificateKeyFile "/etc/apache2/ssl/localhost.key"

Back in Terminal, restart Apache.

sudo apachectl restart

Now, in a web browser, visit https://localhost. The domain should appear trusted, and you should see a message stating that localhost works!.

@2ni

This comment has been minimized.

Show comment
Hide comment
@2ni

2ni Oct 23, 2014

You got a typo with localhost.conf <-> localhost.cnf
I still get an error net::err_cert_common_name_invalid with chrome :(

2ni commented Oct 23, 2014

You got a typo with localhost.conf <-> localhost.cnf
I still get an error net::err_cert_common_name_invalid with chrome :(

@jonathantneal

This comment has been minimized.

Show comment
Hide comment
@jonathantneal

jonathantneal Nov 3, 2014

Thanks @2ni, a few areas have been updated and tested successfully.

Owner

jonathantneal commented Nov 3, 2014

Thanks @2ni, a few areas have been updated and tested successfully.

@andrewghobrial

This comment has been minimized.

Show comment
Hide comment
@andrewghobrial

andrewghobrial Nov 16, 2014

this broke my server completely.....

this broke my server completely.....

@W3BGUY

This comment has been minimized.

Show comment
Hide comment
@W3BGUY

W3BGUY Nov 18, 2014

Worked like a charm for me (editing the server information,. of course). Thanks, still learning this Mac stuff... :)

W3BGUY commented Nov 18, 2014

Worked like a charm for me (editing the server information,. of course). Thanks, still learning this Mac stuff... :)

@markhealey

This comment has been minimized.

Show comment
Hide comment
@markhealey

markhealey Nov 21, 2014

Worked perfectly for me, thanks!

Worked perfectly for me, thanks!

@CameronWJones

This comment has been minimized.

Show comment
Hide comment
@CameronWJones

CameronWJones Nov 22, 2014

This worked absolutely flawlessly for me. I used http://coolestguidesontheplanet.com/get-apache-mysql-php-phpmyadmin-working-osx-10-10-yosemite/ to get PHP, and MySQL up and running, and then http://stackoverflow.com/questions/26483724/how-to-install-mod-perl-2-0-9-in-apache-2-4-on-os-x-yosemite/26544732#26544732 to get perl up and running. Now this got the SSL part of the equation working. Thank you so much!

This worked absolutely flawlessly for me. I used http://coolestguidesontheplanet.com/get-apache-mysql-php-phpmyadmin-working-osx-10-10-yosemite/ to get PHP, and MySQL up and running, and then http://stackoverflow.com/questions/26483724/how-to-install-mod-perl-2-0-9-in-apache-2-4-on-os-x-yosemite/26544732#26544732 to get perl up and running. Now this got the SSL part of the equation working. Thank you so much!

@razvanioan

This comment has been minimized.

Show comment
Hide comment
@razvanioan

razvanioan Nov 27, 2014

for me it doesn't work as well !

as soon as I include /extra/httpd-ssl.conf into play, the server isn't reachable anymore.
I see here that nothing has to be changed in the default ssl.conf file, but don't understand what's causing this

any thoughts ?

Thx !

for me it doesn't work as well !

as soon as I include /extra/httpd-ssl.conf into play, the server isn't reachable anymore.
I see here that nothing has to be changed in the default ssl.conf file, but don't understand what's causing this

any thoughts ?

Thx !

@lecaoquochung

This comment has been minimized.

Show comment
Hide comment
@lecaoquochung

lecaoquochung Dec 6, 2014

It works! on OS X Yosemite. Thanks!

It works! on OS X Yosemite. Thanks!

@ashleyparkes

This comment has been minimized.

Show comment
Hide comment
@ashleyparkes

ashleyparkes Dec 20, 2014

Update: Figured it out at least for my case - open httpd-ssl.conf, and at about line 68, comment out the line that starts with SSLMutex. It seems to use a module that isn't used in our current configuration. Also, lower down in the file it defines a virtualhost that may or may not conflict with the one defined in httpd-vhosts. Hope that helps someone!

Having the same issue as razvanioan - can't see any reason I should be having a problem, but if I figure it out I'll post the solution!

Update: Figured it out at least for my case - open httpd-ssl.conf, and at about line 68, comment out the line that starts with SSLMutex. It seems to use a module that isn't used in our current configuration. Also, lower down in the file it defines a virtualhost that may or may not conflict with the one defined in httpd-vhosts. Hope that helps someone!

Having the same issue as razvanioan - can't see any reason I should be having a problem, but if I figure it out I'll post the solution!

@wildone

This comment has been minimized.

Show comment
Hide comment
@wildone

wildone Dec 29, 2014

@ashleyparkes
SSLMutex is not supported since httpd 2.2, so you must be running httpd 2.2+
update like this

SSLMutex "file:/private/var/run/ssl_mutex"

Mutex sysvsem default

@razvanioan
run:
httpd -t

you may have some modules in httpd.conf not enabled...

wildone commented Dec 29, 2014

@ashleyparkes
SSLMutex is not supported since httpd 2.2, so you must be running httpd 2.2+
update like this

SSLMutex "file:/private/var/run/ssl_mutex"

Mutex sysvsem default

@razvanioan
run:
httpd -t

you may have some modules in httpd.conf not enabled...

@360Zen

This comment has been minimized.

Show comment
Hide comment
@360Zen

360Zen Jan 3, 2015

This worked great (after I found the bit in the comments about Mutex). Thanks for writing this!

Should I just leave httpd-ssl.conf like this?:

#SSLMutex "file:/private/var/run/ssl_mutex"   
Mutex sysvsem default

Any chance you could give me a hint as to how to get a certificate going for a second domain on my localhost? I have vhosts setup for home.dev, test.dev, etc. I assume I won't have to redo every step of this, but I'm a little unsure which parts are domain specific.

Thanks in advance for any help.

360Zen commented Jan 3, 2015

This worked great (after I found the bit in the comments about Mutex). Thanks for writing this!

Should I just leave httpd-ssl.conf like this?:

#SSLMutex "file:/private/var/run/ssl_mutex"   
Mutex sysvsem default

Any chance you could give me a hint as to how to get a certificate going for a second domain on my localhost? I have vhosts setup for home.dev, test.dev, etc. I assume I won't have to redo every step of this, but I'm a little unsure which parts are domain specific.

Thanks in advance for any help.

@scepter

This comment has been minimized.

Show comment
Hide comment
@scepter

scepter Jan 3, 2015

It works on Yosemite. Thanks.

scepter commented Jan 3, 2015

It works on Yosemite. Thanks.

@riquezjp

This comment has been minimized.

Show comment
Hide comment
@riquezjp

riquezjp Jan 28, 2015

it's working, but now using http:// is forbidden?

ok - i was able to fix my issue by adding a config for port 80 in the vhosts file.
So, last step editing "httpd-vhosts.conf"
I repeated the entire <VirtualHost *:80> block as port 80, removing the 4 lines for SSL Engine

it's working, but now using http:// is forbidden?

ok - i was able to fix my issue by adding a config for port 80 in the vhosts file.
So, last step editing "httpd-vhosts.conf"
I repeated the entire <VirtualHost *:80> block as port 80, removing the 4 lines for SSL Engine

@biegl

This comment has been minimized.

Show comment
Hide comment
@biegl

biegl Mar 15, 2015

works like a charm. thanks!

biegl commented Mar 15, 2015

works like a charm. thanks!

@svox1

This comment has been minimized.

Show comment
Hide comment

svox1 commented Mar 26, 2015

Thx!

@shankie-san

This comment has been minimized.

Show comment
Hide comment
@shankie-san

shankie-san Mar 31, 2015

This is great stuff. @ashleyparkes comment about removing the redundant virtualhost in httpd-ssl.conf did it for me.

The only slight issue is that, if you view the certificate details in Chrome, it reports that it used obsolete cryptography (TLS 1.0). I think that this is stopping something working for me. Does anyone have any idea how to change this to TLS 1.2?

This is great stuff. @ashleyparkes comment about removing the redundant virtualhost in httpd-ssl.conf did it for me.

The only slight issue is that, if you view the certificate details in Chrome, it reports that it used obsolete cryptography (TLS 1.0). I think that this is stopping something working for me. Does anyone have any idea how to change this to TLS 1.2?

@shankie-san

This comment has been minimized.

Show comment
Hide comment
@shankie-san

shankie-san Mar 31, 2015

I think I sorted it...!

Added this to any of the config files to stop TLS 1.0 being used
SSLProtocol All -SSLv2 -SSLv3

I think I sorted it...!

Added this to any of the config files to stop TLS 1.0 being used
SSLProtocol All -SSLv2 -SSLv3

@jonbonJoeB

This comment has been minimized.

Show comment
Hide comment
@jonbonJoeB

jonbonJoeB Mar 31, 2015

Hey there, how can we undo these changes? I seem to have broken apache. It doesn't want to start anymore from Manager-OSX (mysql works fine tho).

I have...

  • Removed the /etc/apache2/ssl/ directory
  • Recommented all the lines /etc/apache2/httpd.conf
  • Removed the 443 virtual host setting in /etc/apache2/httpd.conf
  • Removed the ~/Sites directory

I'm not sure what else to do, but apache was originally working for me on my localhost where I have my site located within the htdocs/ directory of XAMPP. Please help!

Hey there, how can we undo these changes? I seem to have broken apache. It doesn't want to start anymore from Manager-OSX (mysql works fine tho).

I have...

  • Removed the /etc/apache2/ssl/ directory
  • Recommented all the lines /etc/apache2/httpd.conf
  • Removed the 443 virtual host setting in /etc/apache2/httpd.conf
  • Removed the ~/Sites directory

I'm not sure what else to do, but apache was originally working for me on my localhost where I have my site located within the htdocs/ directory of XAMPP. Please help!

@kenahoo

This comment has been minimized.

Show comment
Hide comment
@kenahoo

kenahoo May 10, 2015

@jonbonJoeB - try running apachectl configtest to see whether it reports any errors. It might show you what's wrong.

kenahoo commented May 10, 2015

@jonbonJoeB - try running apachectl configtest to see whether it reports any errors. It might show you what's wrong.

@dataf3l

This comment has been minimized.

Show comment
Hide comment
@dataf3l

dataf3l Jun 18, 2015

Thanks Jonathan!, also if anyone gets a: Apache: “AuthType not set!” 500 Error
and has Apache2.2 as opposed to Apache2.4, remember to comment this line:

     #Require all granted

since it is only required for apache2.4
as per these instructions:
http://stackoverflow.com/questions/21265191/apache-authtype-not-set-500-error

dataf3l commented Jun 18, 2015

Thanks Jonathan!, also if anyone gets a: Apache: “AuthType not set!” 500 Error
and has Apache2.2 as opposed to Apache2.4, remember to comment this line:

     #Require all granted

since it is only required for apache2.4
as per these instructions:
http://stackoverflow.com/questions/21265191/apache-authtype-not-set-500-error

@lcdgithub

This comment has been minimized.

Show comment
Hide comment
@lcdgithub

lcdgithub Jul 15, 2015

I got this: ERR_SSL_VERSION_OR_CIPHER_MISMATCH

I took shankiesan's suggestion and added

SSLProtocol All -SSLv2 -SSLv3

to httpd-ssl.conf and now it works!

Thanks to everyone for their help!

I got this: ERR_SSL_VERSION_OR_CIPHER_MISMATCH

I took shankiesan's suggestion and added

SSLProtocol All -SSLv2 -SSLv3

to httpd-ssl.conf and now it works!

Thanks to everyone for their help!

@otayeby

This comment has been minimized.

Show comment
Hide comment
@otayeby

otayeby Jul 28, 2015

When editing the "httpd-vhosts.conf", please make sure you are editing the one in the "/private/etc/apache2/extra/" directory not the "/etc/apache2/extra/". Thank you Jonathan, it works for me.

otayeby commented Jul 28, 2015

When editing the "httpd-vhosts.conf", please make sure you are editing the one in the "/private/etc/apache2/extra/" directory not the "/etc/apache2/extra/". Thank you Jonathan, it works for me.

@thomasbennett

This comment has been minimized.

Show comment
Hide comment
@thomasbennett

thomasbennett Aug 31, 2015

/etc/apache2/extra is a symlink to /private/... so its fine.

This works well, thank you.

/etc/apache2/extra is a symlink to /private/... so its fine.

This works well, thank you.

@marchrius

This comment has been minimized.

Show comment
Hide comment
@marchrius

marchrius Sep 20, 2015

Worked perfectly with Mac OS X 10.10.5. Thanks!

Worked perfectly with Mac OS X 10.10.5. Thanks!

@srikant

This comment has been minimized.

Show comment
Hide comment
@srikant

srikant Sep 24, 2015

Thanks, Works like a magic.

srikant commented Sep 24, 2015

Thanks, Works like a magic.

@mgrimard

This comment has been minimized.

Show comment
Hide comment
@mgrimard

mgrimard Oct 14, 2015

I'm getting a warning saying I'm using an obsolete cypher suite, what does this mean?

Edit: https://mozilla.github.io/server-side-tls/ssl-config-generator/ , this can be used to generate a more recent SSL settings for your vhost file.

I'm getting a warning saying I'm using an obsolete cypher suite, what does this mean?

Edit: https://mozilla.github.io/server-side-tls/ssl-config-generator/ , this can be used to generate a more recent SSL settings for your vhost file.

@seantcanavan

This comment has been minimized.

Show comment
Hide comment
@seantcanavan

seantcanavan Oct 27, 2015

Worked fantastically on el capitan. Many thanks.

Worked fantastically on el capitan. Many thanks.

@tuscanicz

This comment has been minimized.

Show comment
Hide comment
@tuscanicz

tuscanicz Nov 12, 2015

Thank you much, it is working well on Yosemite.

Thank you much, it is working well on Yosemite.

@shankie-san

This comment has been minimized.

Show comment
Hide comment
@shankie-san

shankie-san Jan 6, 2016

This is great – this is the first guide that I've found that gets SSL working properly on Yosemite and El Capitan. Chapeau!

This is great – this is the first guide that I've found that gets SSL working properly on Yosemite and El Capitan. Chapeau!

@buckmanhands

This comment has been minimized.

Show comment
Hide comment
@buckmanhands

buckmanhands Jan 10, 2016

Worked perfectly for me on El Capitan. Many thanks.

Worked perfectly for me on El Capitan. Many thanks.

@Ablesius

This comment has been minimized.

Show comment
Hide comment
@Ablesius

Ablesius Jan 12, 2016

just a hint: you can compress multiple mkdir commands:
mkdir -p /ExistingFolder/NewFolder/NewSubfolder

Greetings, Alex

just a hint: you can compress multiple mkdir commands:
mkdir -p /ExistingFolder/NewFolder/NewSubfolder

Greetings, Alex

@emdecr

This comment has been minimized.

Show comment
Hide comment
@emdecr

emdecr Jan 14, 2016

Worked for me. Thanks!

emdecr commented Jan 14, 2016

Worked for me. Thanks!

@protagora

This comment has been minimized.

Show comment
Hide comment
@protagora

protagora Jan 22, 2016

Wonderful walkthrough - Yosemite, v10.10.5.

Thanks!

Wonderful walkthrough - Yosemite, v10.10.5.

Thanks!

@flanger001

This comment has been minimized.

Show comment
Hide comment
@flanger001

flanger001 Jan 27, 2016

This worked great for me just this morning on El Capitan. One note I had is since I'm not using localhost as my site name, I had to change that where it was set in configuration files. The actual names of the files didn't matter though.

@riquezjp's comment about http:// being forbidden was useful
@mgrimard's comment about the updated SSL settings was also useful. apachectl configtest was useful for figuring out what was allowed to be in a <VirtualHost> directive since I am not otherwise very knowledgeable in the realm of Apache setup.

Finally, if you're using Sublime Text, you can get an Apache Conf syntax highlighting package from Package Control that makes the Apache conf file editing a little bit nicer.

This worked great for me just this morning on El Capitan. One note I had is since I'm not using localhost as my site name, I had to change that where it was set in configuration files. The actual names of the files didn't matter though.

@riquezjp's comment about http:// being forbidden was useful
@mgrimard's comment about the updated SSL settings was also useful. apachectl configtest was useful for figuring out what was allowed to be in a <VirtualHost> directive since I am not otherwise very knowledgeable in the realm of Apache setup.

Finally, if you're using Sublime Text, you can get an Apache Conf syntax highlighting package from Package Control that makes the Apache conf file editing a little bit nicer.

@MarcoSantana

This comment has been minimized.

Show comment
Hide comment
@MarcoSantana

MarcoSantana Jan 28, 2016

Worked perfectly on El Capitan thanks

Worked perfectly on El Capitan thanks

@craigquincy

This comment has been minimized.

Show comment
Hide comment
@craigquincy

craigquincy Feb 1, 2016

Thank you! Worked like a charm.

Thank you! Worked like a charm.

@yifeimich

This comment has been minimized.

Show comment
Hide comment
@yifeimich

yifeimich Feb 3, 2016

Worked Perfectly! Thank you very much!!!

Worked Perfectly! Thank you very much!!!

@wkerswell

This comment has been minimized.

Show comment
Hide comment
@wkerswell

wkerswell Feb 5, 2016

Perfect thank you.

Perfect thank you.

@dvlden

This comment has been minimized.

Show comment
Hide comment
@dvlden

dvlden Feb 20, 2016

Is there a way to make it "GREEN" for dynamic apache virtual hosts too and not localhost only?
So for me it does show up as GREEN for localhost and all its subdirs, but it does not work for my dynamic .dev, .src, .dest ltds.

Is there a way to make that functional as well? The issue is:
• Server's certificate does not match the URL.

dvlden commented Feb 20, 2016

Is there a way to make it "GREEN" for dynamic apache virtual hosts too and not localhost only?
So for me it does show up as GREEN for localhost and all its subdirs, but it does not work for my dynamic .dev, .src, .dest ltds.

Is there a way to make that functional as well? The issue is:
• Server's certificate does not match the URL.

@leaase

This comment has been minimized.

Show comment
Hide comment
@leaase

leaase Apr 5, 2016

Been fighting "ERR_CERT_COMMON_NAME_INVALID" error in a while now, and finally fixed the problems walking through this guide. Thank you!

leaase commented Apr 5, 2016

Been fighting "ERR_CERT_COMMON_NAME_INVALID" error in a while now, and finally fixed the problems walking through this guide. Thank you!

@luyendao

This comment has been minimized.

Show comment
Hide comment
@luyendao

luyendao May 16, 2016

Thanks for this article - been running a PHP cURL request against an API that required an SSL connection, kept getting an error "Unknown SSL protocol error in connection", turns out my localhost needs a valid certificate. I can't say i fully understand the openssl syntax behind all of this, but at least now I understand the problem!

Thanks for this article - been running a PHP cURL request against an API that required an SSL connection, kept getting an error "Unknown SSL protocol error in connection", turns out my localhost needs a valid certificate. I can't say i fully understand the openssl syntax behind all of this, but at least now I understand the problem!

@webdesign7

This comment has been minimized.

Show comment
Hide comment
@webdesign7

webdesign7 May 30, 2016

Thanks it helped me and worked !!!

regards

Thanks it helped me and worked !!!

regards

@yyaabboopp

This comment has been minimized.

Show comment
Hide comment
@yyaabboopp

yyaabboopp Jun 2, 2016

Thanks a lot for this writeup. Everything worked perfectly on El Capitan.

Thanks a lot for this writeup. Everything worked perfectly on El Capitan.

@philschoefer

This comment has been minimized.

Show comment
Hide comment
@philschoefer

philschoefer Jun 26, 2016

Thank you so much. Works like a charm!

Thank you so much. Works like a charm!

@madhukarhere

This comment has been minimized.

Show comment
Hide comment
@madhukarhere

madhukarhere Jul 14, 2016

I am getting below error when i try to open using curl or chrome.

curl https://localhost:443
curl: (7) Failed to connect to localhost port 443: Connection refused

chrome:
This site can’t be reached
localhost refused to connect.

All i changed is the site location.

madhukarhere commented Jul 14, 2016

I am getting below error when i try to open using curl or chrome.

curl https://localhost:443
curl: (7) Failed to connect to localhost port 443: Connection refused

chrome:
This site can’t be reached
localhost refused to connect.

All i changed is the site location.

@VictorTencent

This comment has been minimized.

Show comment
Hide comment
@VictorTencent

VictorTencent Aug 8, 2016

It works on OSX EI Captain , thx .

It works on OSX EI Captain , thx .

@polkerty

This comment has been minimized.

Show comment
Hide comment
@polkerty

polkerty Aug 23, 2016

works on El Capitan! Although I do get a warning about the certificate

works on El Capitan! Although I do get a warning about the certificate

@seqbioinfo

This comment has been minimized.

Show comment
Hide comment
@seqbioinfo

seqbioinfo Aug 26, 2016

Hi, After following the steps listed above, I got the following X509 certificate error in Chrome, and cannot proceed.
"Certificate Error
There are issues with the site's certificate chain (net::ERR_CERT_INVALID)."

Any suggestions?

Hi, After following the steps listed above, I got the following X509 certificate error in Chrome, and cannot proceed.
"Certificate Error
There are issues with the site's certificate chain (net::ERR_CERT_INVALID)."

Any suggestions?

@aplaceforallmystuff

This comment has been minimized.

Show comment
Hide comment
@aplaceforallmystuff

aplaceforallmystuff Oct 6, 2016

I found the following lines to be incorrect

Back in Terminal, edit the SSL configuration.

edit /etc/apache2/extra/httpd-vhosts.conf
Next, comment line 44 and 54 to skip the default Server Certificate and Server Private Key.

SSLCertificateFile "/private/etc/apache2/server.crt"

SSLCertificateKeyFile "/private/etc/apache2/server.key"

These changes need to be done on /etc/apache2/extra/httpd**-ssl**.conf, not on httpd-vhosts.conf

Otherwise all working on macos Sierra - many thanks.

aplaceforallmystuff commented Oct 6, 2016

I found the following lines to be incorrect

Back in Terminal, edit the SSL configuration.

edit /etc/apache2/extra/httpd-vhosts.conf
Next, comment line 44 and 54 to skip the default Server Certificate and Server Private Key.

SSLCertificateFile "/private/etc/apache2/server.crt"

SSLCertificateKeyFile "/private/etc/apache2/server.key"

These changes need to be done on /etc/apache2/extra/httpd**-ssl**.conf, not on httpd-vhosts.conf

Otherwise all working on macos Sierra - many thanks.

@jcalais

This comment has been minimized.

Show comment
Hide comment
@jcalais

jcalais Oct 7, 2016

You have an error in your directives that would probably seriously mess up people's configuration.

"Back in Terminal, edit the SSL configuration." -> and then "edit /etc/apache2/extra/httpd-vhosts.conf", which is the vhosts file.

jcalais commented Oct 7, 2016

You have an error in your directives that would probably seriously mess up people's configuration.

"Back in Terminal, edit the SSL configuration." -> and then "edit /etc/apache2/extra/httpd-vhosts.conf", which is the vhosts file.

@vickydhas

This comment has been minimized.

Show comment
Hide comment
@vickydhas

vickydhas Oct 14, 2016

Still getting

<title>403 Forbidden</title>

Forbidden

You don't have permission to access / on this server.

Tried to change the SSL and vhost file but dont get the results in macOS Sierra , can help

Still getting

<title>403 Forbidden</title>

Forbidden

You don't have permission to access / on this server.

Tried to change the SSL and vhost file but dont get the results in macOS Sierra , can help

@ibrahimlawal

This comment has been minimized.

Show comment
Hide comment
@ibrahimlawal

ibrahimlawal Oct 23, 2016

@jonathantneal Thanks! Awesome! 2 things...

  • You said:

Back in Terminal, edit the SSL configuration...

but typed

edit /private/etc/apache2/extra/httpd-vhosts.conf

I believe you meant:

edit /private/etc/apache2/extra/httpd-ssl.conf
  • I had issues getting https working because my httpd-ssl.conf was being loaded after httpd-vhosts.conf. It worked fine after moving httpd-vhosts.conf to the bottom.

Hope that helps and may improve the guide.

Thanks again!

@jonathantneal Thanks! Awesome! 2 things...

  • You said:

Back in Terminal, edit the SSL configuration...

but typed

edit /private/etc/apache2/extra/httpd-vhosts.conf

I believe you meant:

edit /private/etc/apache2/extra/httpd-ssl.conf
  • I had issues getting https working because my httpd-ssl.conf was being loaded after httpd-vhosts.conf. It worked fine after moving httpd-vhosts.conf to the bottom.

Hope that helps and may improve the guide.

Thanks again!

@Shilpi3

This comment has been minimized.

Show comment
Hide comment
@Shilpi3

Shilpi3 Nov 1, 2016

I am getting this error in Mac Sierra httpd: Syntax error on line 143 of /private/etc/apache2/httpd.conf: Cannot load libexec/apache3/mod_ssl.so into server: dlopen(/usr/libexec/apache3/mod_ssl.so, 10): image not found

<VirtualHost *:443>
ServerName localhost
DocumentRoot "/Users//Sites/localhost"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl/localhost.crt
SSLCertificateKeyFile /etc/apache2/ssl/localhost.key

<Directory "/Users/<my username>/Sites/localhost">
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
    Require all granted
</Directory>

Shilpi3 commented Nov 1, 2016

I am getting this error in Mac Sierra httpd: Syntax error on line 143 of /private/etc/apache2/httpd.conf: Cannot load libexec/apache3/mod_ssl.so into server: dlopen(/usr/libexec/apache3/mod_ssl.so, 10): image not found

<VirtualHost *:443>
ServerName localhost
DocumentRoot "/Users//Sites/localhost"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl/localhost.crt
SSLCertificateKeyFile /etc/apache2/ssl/localhost.key

<Directory "/Users/<my username>/Sites/localhost">
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
    Require all granted
</Directory>
@justusbluemer

This comment has been minimized.

Show comment
Hide comment

https://gist.github.com/jonathantneal/774e4b0b3d4d739cbc53#gistcomment-1891444 is right, please update this otherwise great documentation.

@tonyoconnell

This comment has been minimized.

Show comment
Hide comment
@tonyoconnell

tonyoconnell Nov 13, 2016

Thanks for the guide ...

I got a permission denied error so I made my httpd-vhosts.conf look like this

<VirtualHost *:80>
  ServerName localhost
  DocumentRoot "/Users/tony/Sites"
   <Directory "Users/tony/Sites">
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>

<VirtualHost *:80>
  ServerName localhost
  DocumentRoot "/Users/tony/Sites"
  SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl/localhost.crt
    SSLCertificateKeyFile /etc/apache2/ssl/localhost.key
  <Directory "Users/tony/Sites">
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>

<VirtualHost *:443>
  ServerName localhost
  DocumentRoot "/Users/tony/Sites"
  SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl/localhost.crt
    SSLCertificateKeyFile /etc/apache2/ssl/localhost.key
  <Directory "Users/tony/Sites">
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>

tonyoconnell commented Nov 13, 2016

Thanks for the guide ...

I got a permission denied error so I made my httpd-vhosts.conf look like this

<VirtualHost *:80>
  ServerName localhost
  DocumentRoot "/Users/tony/Sites"
   <Directory "Users/tony/Sites">
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>

<VirtualHost *:80>
  ServerName localhost
  DocumentRoot "/Users/tony/Sites"
  SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl/localhost.crt
    SSLCertificateKeyFile /etc/apache2/ssl/localhost.key
  <Directory "Users/tony/Sites">
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>

<VirtualHost *:443>
  ServerName localhost
  DocumentRoot "/Users/tony/Sites"
  SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl/localhost.crt
    SSLCertificateKeyFile /etc/apache2/ssl/localhost.key
  <Directory "Users/tony/Sites">
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>
@imagineLife

This comment has been minimized.

Show comment
Hide comment
@imagineLife

imagineLife Nov 26, 2016

I have a question!
I followed all of these directions, and have also visited several other pages discussing getting the localhost up and running on sierra.
I've gone through similar processes in the previous 2 versions of osx upgrades, and assume this, too wil get figured out. I can't figure it out now, though!
The documentRoot doesn't seem to refresh or something - I've changed all of the document root lingo to point to Users/Me/Sites/, but http:// still delivers the "It works!" in the browser, as opposed to the desired file-system inside my /Sites/ folder. Also, I've even edited the index file TEXT to read "It still works!", but the text that shows up in the browser is still "It works!".
Seems more mysterious than Before.
If anyone has any thoughts/help, it'd be much appreciated!
Still digging...
Thanks!

I have a question!
I followed all of these directions, and have also visited several other pages discussing getting the localhost up and running on sierra.
I've gone through similar processes in the previous 2 versions of osx upgrades, and assume this, too wil get figured out. I can't figure it out now, though!
The documentRoot doesn't seem to refresh or something - I've changed all of the document root lingo to point to Users/Me/Sites/, but http:// still delivers the "It works!" in the browser, as opposed to the desired file-system inside my /Sites/ folder. Also, I've even edited the index file TEXT to read "It still works!", but the text that shows up in the browser is still "It works!".
Seems more mysterious than Before.
If anyone has any thoughts/help, it'd be much appreciated!
Still digging...
Thanks!

@thompsgr

This comment has been minimized.

Show comment
Hide comment
@thompsgr

thompsgr Dec 5, 2016

Awesome, thanks! Other configurations I found didn't work for me, but this one did. As mentioned, you have a typo here:

Back in Terminal, edit the SSL configuration.
edit /etc/apache2/extra/httpd-vhosts.conf

Should be:
edit /etc/apache2/extra/httpd-ssl.conf

thompsgr commented Dec 5, 2016

Awesome, thanks! Other configurations I found didn't work for me, but this one did. As mentioned, you have a typo here:

Back in Terminal, edit the SSL configuration.
edit /etc/apache2/extra/httpd-vhosts.conf

Should be:
edit /etc/apache2/extra/httpd-ssl.conf

@aatvanrees

This comment has been minimized.

Show comment
Hide comment
@aatvanrees

aatvanrees Dec 22, 2016

Thanks! Got it working!!
thompsgr is right about the typo...

Thanks! Got it working!!
thompsgr is right about the typo...

@Scenario

This comment has been minimized.

Show comment
Hide comment
@Scenario

Scenario Dec 28, 2016

Yes, please correct the typos above. They tripped me up too.

Yes, please correct the typos above. They tripped me up too.

@ryanburnett

This comment has been minimized.

Show comment
Hide comment

ryanburnett commented Mar 17, 2017

@Renrhaf

This comment has been minimized.

Show comment
Hide comment
@Renrhaf

Renrhaf Mar 22, 2017

worked on OSX Sierra, beware of some typos. Thanks !

Renrhaf commented Mar 22, 2017

worked on OSX Sierra, beware of some typos. Thanks !

@itsDiwaker

This comment has been minimized.

Show comment
Hide comment
@itsDiwaker

itsDiwaker Apr 21, 2017

thanks it's working on Yosemite for me. Didn't work for the first time. There was some problem with httpd-ssl.conf. httpd -t proved invaluable while debugging.

thanks it's working on Yosemite for me. Didn't work for the first time. There was some problem with httpd-ssl.conf. httpd -t proved invaluable while debugging.

@ganchan

This comment has been minimized.

Show comment
Hide comment
@ganchan

ganchan May 17, 2017

Thankyou, all works perfectly but when i connect to my local address i receive an error, the apache logs says "server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)".
I've repeated every step 2 times.

G.

ganchan commented May 17, 2017

Thankyou, all works perfectly but when i connect to my local address i receive an error, the apache logs says "server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)".
I've repeated every step 2 times.

G.

@benyaminshoham

This comment has been minimized.

Show comment
Hide comment
@benyaminshoham

benyaminshoham Jul 5, 2017

Great article! got me up and running quickly.
There's a small error in the article. Where it says:

Back in Terminal, edit the SSL configuration.
edit /etc/apache2/extra/httpd-vhosts.conf

It should say httpd-ssl.conf

Thanks.

benyaminshoham commented Jul 5, 2017

Great article! got me up and running quickly.
There's a small error in the article. Where it says:

Back in Terminal, edit the SSL configuration.
edit /etc/apache2/extra/httpd-vhosts.conf

It should say httpd-ssl.conf

Thanks.

@jonathantneal

This comment has been minimized.

Show comment
Hide comment
@jonathantneal

jonathantneal Jul 5, 2017

Whoa... I had no idea anyone had seen this or used this. I’ve never received notifications from this post. I have made the corrections. You all are amazing and awesome and I need to figure out how to monitor gists.

Owner

jonathantneal commented Jul 5, 2017

Whoa... I had no idea anyone had seen this or used this. I’ve never received notifications from this post. I have made the corrections. You all are amazing and awesome and I need to figure out how to monitor gists.

@nicohvi

This comment has been minimized.

Show comment
Hide comment
@nicohvi

nicohvi Jul 25, 2017

This works very well still - exceptional job @jonathantneal! As others have stated, if things aren't working try running httpd -t. I had enabled a dav package for some reason and once I removed the erroneous package inclusion everything worked swimmingly.

nicohvi commented Jul 25, 2017

This works very well still - exceptional job @jonathantneal! As others have stated, if things aren't working try running httpd -t. I had enabled a dav package for some reason and once I removed the erroneous package inclusion everything worked swimmingly.

@marquessbr

This comment has been minimized.

Show comment
Hide comment
@marquessbr

marquessbr Aug 10, 2017

I follow the steps and only for a 'http' request work, but when I configure to request 'https' the server returned:
"Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please."

What is wrong?

thanks

marquessbr commented Aug 10, 2017

I follow the steps and only for a 'http' request work, but when I configure to request 'https' the server returned:
"Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please."

What is wrong?

thanks

@mrtargaryen

This comment has been minimized.

Show comment
Hide comment
@mrtargaryen

mrtargaryen Aug 21, 2017

Total noob here.

I run Searx meta search engine on localhost:8888

I installed Searx as per the instructions found here using Docker https://github.com/asciimoo/searx/wiki/Installation

I use Firefox with the addon https Everywhere and I like to block all unencrypted requests. So localhost:8888 won't work in Firefox.

Do you know if its possible to add an SSL cert to this local instance of Searx on localhost:8888 so I can use it in Firefox?

Thanks :)

Total noob here.

I run Searx meta search engine on localhost:8888

I installed Searx as per the instructions found here using Docker https://github.com/asciimoo/searx/wiki/Installation

I use Firefox with the addon https Everywhere and I like to block all unencrypted requests. So localhost:8888 won't work in Firefox.

Do you know if its possible to add an SSL cert to this local instance of Searx on localhost:8888 so I can use it in Firefox?

Thanks :)

@tsal

This comment has been minimized.

Show comment
Hide comment
@tsal

tsal Sep 29, 2017

@mrtargaryen - the easiest way to do this is to create a local reverse proxy to port 8888. Nginx or Apache can do this, though Nginx is a little better documented for this purpose.

tsal commented Sep 29, 2017

@mrtargaryen - the easiest way to do this is to create a local reverse proxy to port 8888. Nginx or Apache can do this, though Nginx is a little better documented for this purpose.

@aseem2625

This comment has been minimized.

Show comment
Hide comment
@aseem2625

aseem2625 Oct 3, 2017

Not working for me. OSX Sierra(10.12.1)
I'm already having apache setup which I'm using for other projects.
I'm having some node server (not self-setup but it's invoked by gatsby command to be specific which runs on port 8000).

  1. So, for :443, my vhosts file instead looks like
<VirtualHost *:443>
    SSLEngine On
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl/localhost.crt
    SSLCertificateKeyFile /etc/apache2/ssl/localhost.key

    ServerName dummylocaldomain.com
    ProxyPass / http://localhost:8000/
    ProxyPassReverse / http://localhost:8000/
</VirtualHost>

I just want to forward the request from https://dummylocaldomain.com to localhost:8000 which serves the website( **Note:**I've already mapped dummylocaldomain in my /etc/hosts to 127.0.0.1 if that matters )

I was able to follow all other steps though.. Any help?

aseem2625 commented Oct 3, 2017

Not working for me. OSX Sierra(10.12.1)
I'm already having apache setup which I'm using for other projects.
I'm having some node server (not self-setup but it's invoked by gatsby command to be specific which runs on port 8000).

  1. So, for :443, my vhosts file instead looks like
<VirtualHost *:443>
    SSLEngine On
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl/localhost.crt
    SSLCertificateKeyFile /etc/apache2/ssl/localhost.key

    ServerName dummylocaldomain.com
    ProxyPass / http://localhost:8000/
    ProxyPassReverse / http://localhost:8000/
</VirtualHost>

I just want to forward the request from https://dummylocaldomain.com to localhost:8000 which serves the website( **Note:**I've already mapped dummylocaldomain in my /etc/hosts to 127.0.0.1 if that matters )

I was able to follow all other steps though.. Any help?

@mildredn

This comment has been minimized.

Show comment
Hide comment
@mildredn

mildredn Nov 29, 2017

Works on Sierra! Thank you.

Works on Sierra! Thank you.

@bokybanton

This comment has been minimized.

Show comment
Hide comment
@bokybanton

bokybanton Nov 30, 2017

It works perfectly on OS X 10.13.1, LibreSSL 2.2.7 & Apache/2.4.27. The terminal cmd to add the certificate to OS X Keychain was very useful and pretty fast to work with Safari. :-P

It works perfectly on OS X 10.13.1, LibreSSL 2.2.7 & Apache/2.4.27. The terminal cmd to add the certificate to OS X Keychain was very useful and pretty fast to work with Safari. :-P

@rafmjr

This comment has been minimized.

Show comment
Hide comment
@rafmjr

rafmjr Feb 24, 2018

Beautiful! It work as expected! Thanks a lot!

rafmjr commented Feb 24, 2018

Beautiful! It work as expected! Thanks a lot!

@howar31

This comment has been minimized.

Show comment
Hide comment
@howar31

howar31 Apr 3, 2018

Thanks this works on High Sierra!

howar31 commented Apr 3, 2018

Thanks this works on High Sierra!

@gillesgoetsch

This comment has been minimized.

Show comment
Hide comment
@gillesgoetsch

gillesgoetsch Apr 4, 2018

HighSierra 10.13.3 confirmed. Thanks!

HighSierra 10.13.3 confirmed. Thanks!

@thapachaki

This comment has been minimized.

Show comment
Hide comment
@thapachaki

thapachaki Apr 26, 2018

Thank you very much! (10.13.4)

Thank you very much! (10.13.4)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment