Thursday, 1 March 2012

HTTPS with MAMP

If you're here, you probably have an HTTPS local MAMP test site that didn't work "as is". This is how I got it to work with MAMP version 2.0.5 under OS X 10.7.3. It might work with other versions, but no guarantees.

1) backup your MAMP installation
Reminder--it's located at: /Applications/MAMP

2) un-comment the SSL config part of your httpd.conf
Open /Applications/MAMP/conf/apache/httpd.conf

Search for the lines:
# Secure (SSL/TLS) connections
# Include /Applications/MAMP/conf/apache/extra/httpd-ssl.conf

And un-comment the Include statement to make it look like:
# Secure (SSL/TLS) connections
Include /Applications/MAMP/conf/apache/extra/httpd-ssl.conf

Save.

3) point the SSL configuration to the right httpd folder
Open /Applications/MAMP/conf/apache/extra/httpd-ssl.conf

Search for the lines:
#   General setup for the virtual host
DocumentRoot "/Applications/MAMP/Library/htdocs"

Change to whatever folder it should be (note alternative instructions at the end of this section). In my case it was the default, non-ssl MAMP htdocs folder:
DocumentRoot "/Applications/MAMP/htdocs"

Save.

There are other configurations in this file that you might want to consider updating, too, but pointing the htdocs folder to your desired location should be sufficient for a lot of people.

(Alternatively, you can just create a symlink from /Applications/MAMP/Library/htdocs to wherever you want. Google "ln -s" if you're unsure how to do this.)

4) generate SSL cert/key/etc.
In the httpd-ssl.conf, you'll notice that the location for the keys/certs are listed in lines similar to this one: SSLCertificateKeyFile "/Applications/MAMP/conf/apache/server.key"

In Terminal, go to the appropriate folder:
cd /Applications/MAMP/conf/apache

Create a private key, and follow the prompts:
openssl genrsa -des3 -out server.key 1024

Remove password:
cp server.key server-pw.key
openssl rsa -in server-pw.key -out server.key

Create certificate signing request, follow prompts or accept defaults:
openssl req -new -key server.key -out server.csr

Create certificate:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Restart your server, and check your log if there are errors. Your browser will request you to accept your new certificate when trying to view a secure local file for the first time (e.g. https://localhost/)

No comments:

Post a Comment