Local SSL websites on macOS Sierra

Local SSL on macOS.md

Local SSL websites on macOS Sierra

These instructions will guide you through the process of setting up local, trusted websites on your own computer.

These instructions are intended to be used on macOS Sierra, but they have been known to work in El Capitan, Yosemite, Mavericks, and Mountain Lion.

NOTE: You may substitute the edit command for nano, vim, or whatever the editor of your choice is. Personally, I forward the edit command to Sublime Text:

alias edit="/Applications/Sublime\ Text.app/Contents/SharedSupport/bin/subl"

---

Configuring Apache

Within Terminal, start Apache.

sudo apachectl start

In a web browser, visit http://localhost. You should see a message stating that It works!.

Configuring Apache: Setting up a Virtual Host

Within Terminal, edit the Apache Configuration.

edit /etc/apache2/httpd.conf

Within the editor, replace line 212 to supress messages about the server’s fully qualified domain name.

ServerName localhost

Next, uncomment line 160 and line 499 to enable Virtual Hosts.

LoadModule vhost_alias_module libexec/apache2/mod_vhost_alias.so

Include /private/etc/apache2/extra/httpd-vhosts.conf

Optionally, uncomment line 169 to enable PHP.

LoadModule php5_module libexec/apache2/libphp5.so

Within Terminal, edit the Virtual Hosts configuration.

edit /etc/apache2/extra/httpd-vhosts.conf

Within the editor, replace the entire contents of this file with the following, replacing indieweb with your user name.

<VirtualHost *:80>
    ServerName localhost
    DocumentRoot "/Users/indieweb/Sites/localhost"

    <Directory "/Users/indieweb/Sites/localhost">
        Options Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>
</VirtualHost>

Within Terminal, restart Apache.

sudo apachectl restart

Configuring Apache: Creating a Site

Within Terminal, create a Sites parent directory and a localhost subdirectory, which will be our first site.

mkdir -p ~/Sites/localhost

Next, create a test HTML document within localhost.

echo "<h1>localhost works</h1>" > ~/Sites/localhost/index.html

Now, in a web browser, visit http://localhost. You should see a message stating that localhost works.

---

Configuring SSL

Within Terminal, create an SSL directory.

sudo mkdir /etc/apache2/ssl

Next, generate a private key and certificate for your site.

sudo openssl genrsa -out /etc/apache2/ssl/localhost.key 2048
sudo openssl req -new -x509 -key /etc/apache2/ssl/localhost.key -out /etc/apache2/ssl/localhost.crt -days 3650 -subj /CN=localhost

Finally, add the certificate to Keychain Access.

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /etc/apache2/ssl/localhost.crt

Configuring SSL: Setting up a Trusted Virtual Host

Within Terminal, edit the Apache Configuration.

edit /etc/apache2/httpd.conf

Within the editor, uncomment lines 89 and 143 to enable modules required by HTTPS.

LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so

LoadModule ssl_module libexec/apache2/mod_ssl.so

Next, uncomment line 516 to enable Trusted Virtual Hosts.

Include /private/etc/apache2/extra/httpd-ssl.conf

Back in Terminal, edit the Virtual Hosts configuration.

edit /etc/apache2/extra/httpd-vhosts.conf

Within the editor, add a 443 VirtualHost Name and localhost Directive at the end of the file, replacing indieweb with your user name.

<VirtualHost *:443>
    ServerName localhost
    DocumentRoot "/Users/indieweb/Sites/localhost"

    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl/localhost.crt
    SSLCertificateKeyFile /etc/apache2/ssl/localhost.key

    <Directory "/Users/indieweb/Sites/localhost">
        Options Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>
</VirtualHost>

Back in Terminal, edit the SSL configuration.

edit /etc/apache2/extra/httpd-ssl.conf

Next, comment line 144 and 154 to skip the default Server Certificate and Server Private Key.

#SSLCertificateFile "/private/etc/apache2/server.crt"

#SSLCertificateKeyFile "/private/etc/apache2/server.key"

Next, beneath the commented certificates or keys, add references to your certificate and key.

SSLCertificateFile "/etc/apache2/ssl/localhost.crt"

SSLCertificateKeyFile "/etc/apache2/ssl/localhost.key"

Back in Terminal, restart Apache.

sudo apachectl restart

Now, in a web browser, visit https://localhost. The domain should appear trusted, and you should see a message stating that localhost works!.

Thank you for this guide. Basically, It works very well for me. -- However, to work with several websites locally, I had to make an addition and some small changes.

For for adding one more website locally, I add the following line to hosts:
edit /private/etc/hosts

For mywebsite.localhost I add:
127.0.0.1 mywebsite.localhost

Back in Terminal, I edit the Virtual Hosts configuration.
edit /etc/apache2/extra/httpd-vhosts.conf

I add a 443 VirtualHost Name and mywebsite.localhost Directive at the end of the file. I replace:
-- ServerName localhost with ServerName mywebsite.localhost
-- indieweb with my user name

With this setup, I get 404 errors on images, and several internal paths of my CMS don’t work. When I make the following change, everything works as designed. I replace:
-- <Directory "/Users/indieweb/Sites/localhost"> with <Directory "/">

<VirtualHost *:443>
    ServerName mywebsite.localhost
    DocumentRoot "/Users/indieweb/Sites/mywebsite-root"

    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl/localhost.crt
    SSLCertificateKeyFile /etc/apache2/ssl/localhost.key

    <Directory "/">
        Options Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>
</VirtualHost>