Having read a number of guides on using SSL with MAMP I still couldn't get things working properly. This is my guide which takes ideas from a number of resources. As with the guides I'd previously read this may or may not work for you but either way I hope it helps.
-
I imagine you can generate a wildcard certficate for all local sites but this didn't work for me so I generated a certificate for each local site individually. This method uses the subjectAltName field as this is required since Chrome 58.
-
Create the following file in your user folder and save as server.csr.cnf. Remember to change your Country (C), State (ST), Location (L), Organisation (O), Oganisational Unit (OU), Email Address( emailAddress) and Common Name (CN). For the common name I matched with my local site name as defined in my hosts file.
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn
[dn]
C=GB
ST=Grantham
L=Lincolnshire
O=Company Name
OU=Digital
emailAddress=an@email.address
CN=local.hostname.com
- Create the following file in your user folder and save as v3.ext. Change the DNS.1 alt_name to match the Common Name above.
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1=local.hostname.com
-
Open terminal and navigate to your user folder cd ~.
-
Run the following command. I amend the .csr and .key filename to the local site name as I'm generating a certificate for each local site.
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server.csr.cnf )
- Run the following command. I amend the .csr, .key and .crt filename to my local site name as I'm generating a certificate for each local site.
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt -extfile v3.ext
- Copy the generated .key and .crt files to /Applications/MAMP/conf/apache.
- Open /Applications/MAMP/conf/apache/httpd.conf and uncomment the following line by removing the starting #.
Include /Applications/MAMP/conf/apache/extra/httpd-ssl.conf
- Open /Applications/MAMP/conf/apache/extra/httpd-vhosts.conf and ensure it contains the following lines in the name-based virtual hosting section.
NameVirtualHost *:80
NameVirtualHost *:443
- Open /Applications/MAMP/conf/apache/extra/httpd-ssl.conf and add the following block. Change the DocumentRoot folder. Change the ServerName to match you local site. Change the SSLCertificateFile and SSLCertificateKeyFile to match the .key and .crt files that you copied into /Applications/MAMP/conf/apache.
<VirtualHost *:443>
DocumentRoot "/Applications/MAMP/htdocs/folder"
ServerName local.hostname.com
ServerAdmin admin@localhost
ErrorLog "/Applications/MAMP/Library/logs/error_log"
TransferLog "/Applications/MAMP/Library/logs/access_log"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/Applications/MAMP/conf/apache/server.crt"
SSLCertificateKeyFile "/Applications/MAMP/conf/apache/serverkey"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/Applications/MAMP/Library/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/Applications/MAMP/Library/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
The final steps are to ensure Chrome always accepts the certificate.
-
Open Keychain Access and navigate to the Certificates category.
-
Drag the .crt file across.
-
Double click the certificate in Keychain Access, open the trust section and select When using this certificate: Always Trust.
Restart MAMP and Chrome.
Repeat the process for additional local sites.
The following sites helped me along the way.
https://gist.github.com/jfloff/5138826
https://alexanderzeitler.com/articles/Fixing-Chrome-missing_subjectAltName-selfsigned-cert-openssl/