Enable SSL in Apache for 'localhost' (OSX, El Capitan)

Enable SSL in Apache (OSX)

The following will guide you through the process of enabling SSL on an Apache web server.

  • The instructions have been verified with OSX El Capitan (10.11.2) running Apache 2.4.16
  • The instructions assume you already have a basic Apache configuration enabled on OSX; if this is not the case, consult the Gist "Enable Apache HTTP server (OSX)"

Apache SSL Configuration

Create a directory within /etc/apache2/ using Terminal.app: sudo mkdir /etc/apache2/ssl
Next, generate two host keys:

sudo openssl genrsa -out /etc/apache2/server.key 2048
sudo openssl genrsa -out /etc/apache2/ssl/localhost.key 2048
sudo openssl rsa -in /etc/apache2/ssl/localhost.key -out /etc/apache2/ssl/localhost.key.rsa

Create a configuration file using Terminal.app: sudo touch /etc/apache2/ssl/localhost.conf
Edit the newly created configuration file and add the following:

[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]

[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost
DNS.2 = *.localhost

Generate the required Certificate Requests using Terminal.app:

sudo openssl req -new -key /etc/apache2/server.key -subj "/C=/ST=/L=/O=/CN=/emailAddress=/" -out /etc/apache2/server.csr
sudo openssl req -new -key /etc/apache2/ssl/localhost.key.rsa -subj "/C=/ST=/L=/O=/CN=localhost/" -out /etc/apache2/ssl/localhost.csr -config /etc/apache2/ssl/localhost.conf

Note: Complete the values C= ST= L= O= CN= to reflect your own organizational structure, where:

  • C= Country: The two-letter ISO abbreviation for your country.
  • ST= State or Province: The state or province where your organization is legally located.
  • L= City or Locality: The city where your organization is legally located.
  • O= Organization: The exact legal name of your organization.
  • CN= Common Name: The fully qualified domain name for your web server.

Use the Certificate Requests to sign the SSL Certificates using Terminal.app:

sudo openssl x509 -req -days 365 -in /etc/apache2/server.csr -signkey /etc/apache2/server.key -out /etc/apache2/server.crt
sudo openssl x509 -req -extensions v3_req -days 365 -in /etc/apache2/ssl/localhost.csr -signkey /etc/apache2/ssl/localhost.key.rsa -out /etc/apache2/ssl/localhost.crt -extfile /etc/apache2/ssl/localhost.conf

Add the SSL Certificate to Keychain Access.

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /etc/apache2/ssl/localhost.crt

Apache Configuration

Edit the Apache main configuration file /etc/apache2/httpd.conf and enable the required modules to support SSL:

LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so
LoadModule ssl_module libexec/apache2/mod_ssl.so

Enable Secure (SSL/TLS) connections

Include /private/etc/apache2/extra/httpd-ssl.conf

Apache Virtual Host Configuration

Edit the Virtual Hosts file /etc/apache2/extra/httpd-vhosts.conf and add the SSL Directive at the end of the file:

<VirtualHost *:443>
    ServerName localhost
    DocumentRoot "/Library/WebServer/Documents"

    SSLEngine on
    # Strong ciphers only: the list must not enable NULL, export, LOW or RC4 suites
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLCertificateFile /etc/apache2/ssl/localhost.crt
    SSLCertificateKeyFile /etc/apache2/ssl/localhost.key

    <Directory "/Library/WebServer/Documents">
        Options Indexes FollowSymLinks
        AllowOverride All
        # Apache 2.4 access control (replaces the 2.2-style Order/Allow directives)
        Require all granted
    </Directory>
</VirtualHost>

Finally, restart Apache using Terminal.app: sudo apachectl restart
Open Safari and visit https://localhost to verify your configuration.
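
A sanity check for the certificate this procedure produces, as an added example that is not part of the original gist: it confirms that the key matches the certificate, that the host name appears in subjectAltName, and that the certificate is not about to expire. The function names check_cert and make_demo_cert are hypothetical, and the demo pair is a constructed throwaway built in a temp directory with the same openssl steps as above.

```shell
#!/bin/sh
# check_cert CERT KEY HOST [DAYS]: returns 0 only if all three checks pass.
check_cert() {
    cert=$1; key=$2; host=$3; days=${4:-30}
    # 1. SSLCertificateKeyFile must hold the key the certificate was issued for.
    cert_mod=$(openssl x509 -noout -modulus -in "$cert") || return 1
    key_mod=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null) || return 1
    [ "$cert_mod" = "$key_mod" ] || { echo "FAIL: key does not match certificate"; return 1; }
    # 2. Browsers match the host name against subjectAltName, not CN.
    openssl x509 -noout -text -in "$cert" | tr -d ' ' | tr ',' '\n' \
        | grep -Fxq "DNS:$host" || { echo "FAIL: no subjectAltName for $host"; return 1; }
    # 3. The certificate must outlive the next DAYS days (it is issued for 365).
    openssl x509 -noout -checkend $((days * 86400)) -in "$cert" >/dev/null \
        || { echo "FAIL: expires within $days days"; return 1; }
    echo "OK: $cert matches $key and covers $host"
}

# Constructed demo input: a throwaway key and certificate made with the
# guide's commands, written to DIR instead of /etc/apache2/ssl (no sudo).
make_demo_cert() {
    dir=$1
    cat > "$dir/localhost.conf" <<'EOF'
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = *.localhost
EOF
    openssl genrsa -out "$dir/localhost.key" 2048 2>/dev/null &&
    openssl req -new -key "$dir/localhost.key" -subj "/CN=localhost" \
        -config "$dir/localhost.conf" -out "$dir/localhost.csr" &&
    openssl x509 -req -extensions v3_req -days 365 -in "$dir/localhost.csr" \
        -signkey "$dir/localhost.key" -extfile "$dir/localhost.conf" \
        -out "$dir/localhost.crt" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_cert "$demo" &&
    check_cert "$demo/localhost.crt" "$demo/localhost.key" localhost
rm -rf "$demo"
```

To check the real pair, call check_cert with /etc/apache2/ssl/localhost.crt and /etc/apache2/ssl/localhost.key (reading the key needs sudo).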

JyotiDuhan commented Jan 29, 2018

I followed the same and localhost works fine but still my react application is not working with https.
I am trying https://localhost:3000 and it says "site can not be reached". Any suggestions??

laurentiuc commented Mar 13, 2018

+1 thanks

The-KarateKid commented Apr 13, 2018

For those using Homebrew Apache, check your /extra/httpd-ssl.conf file for what port it is set to listen to (usually 8443). Update your <VirtualHost *:8443> in httpd-vhosts.conf file to match that. Then, you have to access localhost via https://localhost:8443

podolinek commented Apr 24, 2018

For me, it was required to add a row with "Listen 443" to httpd.conf.

romanych commented Apr 27, 2018

Thank you for great work, really worked!

gracielaPosadas commented Apr 27, 2018

I'm confused about the routes. How should the httpd-vhosts.conf be routed for MAMP?

wesleyhlee commented Jul 1, 2018

This guide still works (macOS 10.13, httpd -v Apache 2.4.33)

VizualAbstract commented Jul 17, 2018

Verified it works, too. Thanks so much!

I had to do a few additional changes because I changed my directory from /Library/WebServer/Documents to somewhere else.

MacOS 10.13.15 / Apache 2.4.33

I had to update it in /etc/apache2/httpd.conf, /private/etc/apache2/extra/httpd-ssl.conf and /private/etc/apache2/extra/httpd-vhosts.conf, so they all matched.

PS I went through this shortly after configuring dnsmasq.

bhanu0987 commented Jul 27, 2018

Thanks a lot!

santhoshnp commented Oct 10, 2018

Do you have any video related to this, HTTPS on localhost?

KevinMChristian commented Nov 7, 2018

This worked for me. The problem is I am not sure how to make PHP work with it. I tried turning on PHP to localhost:443 and it doesn't work, although it does turn on. I can turn on PHP to another port, but I'm trying to do a Facebook login with PHP. Now I have PHP working and https on localhost working, but I'm not sure how to make them work together. Any suggestions?

KevinMChristian commented Nov 7, 2018

For those using Homebrew Apache, check your /extra/httpd-ssl.conf file for what port it is set to listen to (usually 8443). Update your <VirtualHost *:8443> in httpd-vhosts.conf file to match that. Then, you have to access localhost via https://localhost:8443

Should I do the same thing if I am running php -S 127.0.0.1:8080? <VirtualHost *:8080> to make the PHP work for https?

sonicbobcat85 commented Dec 12, 2018

Using the built-in Apache on macOS Mojave, I first received the "Forbidden" error as well. After a fair amount of poking around, I resolved it simply by updating the corresponding Virtual Host entry in httpd-vhosts.conf from :80 to :443.

Chrome still threw a security warning like it would for an invalid certificate, but I just chose to "Proceed" and saw my site load normally.

hungvietdo commented Jan 6, 2019

Following the process, and it worked nicely for me.

dlivesay commented Jan 14, 2019

rlaurente: If you mean enable SSL for multiple virtual hosts, just add them to the server.cnf file's extensions.

subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost
DNS.2 = my.local.host
DNS.3 = my.other.local.host
DNS.4 = local.version.of.production.com

Add all the virtual hosts you have configured or any you might want to set up in the foreseeable future so you don't need to generate another certificate each time you add a new virtual host.

Be sure to use the -extfile argument with the x509 command to point to the server.cnf file. (You don't need to include the -extensions argument if req_extensions is defined in the configuration file.)

If you really meant "how can we enable multiple virtual hosts?" See the Apache Webserver documentation.

perryclarke commented May 10, 2019

On macOS 10.14 I had to enable vhosts generally in the httpd.conf ... just search for "vhost" and uncomment as needed.

cletcher commented Oct 17, 2019

I followed these instructions, worked great with one exception: got an error in Chrome: Error: "Subject Alternative Name Missing" or NET::ERR_CERT_COMMON_NAME_INVALID or "Your connection is not private"

The fix was to change 2 of the steps above to include the Subject Alternative Name on these lines:
sudo openssl req -new -key /etc/apache2/server.key -subj "/C=US/ST=OK/L=TULSA/O=NONE/CN=localhost/subjectAlternativeName=localhost/emailAddress=thissucks@gmail.com/" -out /etc/apache2/server.csr
sudo openssl req -new -key /etc/apache2/ssl/localhost.key.rsa -subj "/C=US/ST=OK/L=TULSA/O=NONE/CN=localhost/subjectAlternativeName=localhost/emailAddress=thissucks@gmail.com/" -out /etc/apache2/ssl/localhost.csr -config /etc/apache2/ssl/localhost.conf

emale999 commented Feb 24, 2020

What do I have to do/replace after 365 days when the certificate expires?

zakirsajib commented May 10, 2020

To fix Google Chrome, follow this:

https://www.robpeck.com/2010/10/google-chrome-mac-os-x-and-self-signed-ssl-certificates/

dyarfi commented May 18, 2020

Thank you, it works!

vkeysheoran commented May 26, 2020

For the Homebrew Apache I had to first delete the ...... from /etc/apache2/extra/httpd-ssl.conf and add to above mentioned <VirtualHost *:443> ... . Now it's working cool.

MichaelCesare commented Sep 16, 2020

amazing :) works on first try for my MAC OS with apache2

smohadjer commented Nov 20, 2020

Thanks, worked on Mac OS Mojave.

skogarfoss commented Dec 5, 2020

great help - it also works on Mac OS Catalina 10.15.7 and Apache 2.4.46 (installed with homebrew)

francwalter commented Jan 22, 2021

Thank you very much! I did exactly what is written and it worked initially :)
I got the warning that it is not trusted, but I accepted it and it is gone.

frank
Mac OS 10.11.6 with Apache 2.4 and PHP 7.4

felixkipyego commented Jan 23, 2021

To fix chrome blocking you
Visit: chrome://flags/#allow-insecure-localhost on chrome and enable "Allow invalid certificates for resources loaded from localhost."

smohadjer commented Jan 23, 2021

@felixkipyego Or you can use a self-assigned certificate. Then you won't get warnings in any browser. I have documented steps in a gist here: https://gist.github.com/smohadjer/cacacd14eed0881bc576d501cdf98e7d

dev-xiligroup commented Apr 20, 2021

Congratulations - with 10.13.6 and (from amazing MacPorts) Apache 2.4.46 (Php 7.4.16) and some changes in path (/opt/local/etc/... instead /etc/...) https is working with localhost (or xxxx-i5-imac.local) for website in /Library/WebServer/Documents and in /Users/~loginname/Sites... Bravo ! (a good way to understand ssl and test locally WP web sites in dev...)

alexzhu2021 commented Dec 14, 2021

it returns
Forbidden
You don't have permission to access / on this server.
I fixed it by un-commenting
Include /private/etc/apache2/extra/httpd-vhosts.conf
in /etc/apache2/httpd.conf
I think the guide missed this part.

HelaGone commented Apr 18, 2022