cover getting your site setup with SSL support
It is often important to be able to test your local site setup under SSL (e.g. https://yoursite.com). There are a few steps that are needed to accomplish this with your 'OS X 10.11 El Capitan'-based Apache setup. The first step is to make some modifications to your
httpd.conf. Because it's a system file, you will need to use
$ sudo nano /etc/apache2/httpd.conf
In this file you should uncomment both the
ssl_module, and also the include for the
httpd-ssl.confby removing the leading
#symbol on those lines:
LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so ... LoadModule ssl_module libexec/apache2/mod_ssl.so ... Include /private/etc/apache2/extra/httpd-ssl.conf
After saving this file, you should then open up your
$ sudo nano /etc/apache2/extra/httpd-vhosts.conf
Here you can create a VirtualHost entry for each virtual host that you wish to provide SSL support for.
<VirtualHost *:443> DocumentRoot "/Users/your_user/Sites" ServerName localhost SSLEngine on SSLCertificateFile "/private/etc/apache2/server.crt" SSLCertificateKeyFile "/private/etc/apache2/server.key" </VirtualHost>
In this example we have created the VirtualHost for localhost, but it could be any of your existing or even a new VirtualHost.
To get this all to work with Apache, we need to create a self-signed certificate that we have already referenced in the VirtualHost definition.
First generate a key:
$ cd /etc/apache2 $ sudo ssh-keygen -f server.key
Then generate a certificate signing request:
$ sudo openssl req -new -key server.key -out server.csr
Using this CSR, generate the certificate:
$ sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
The convert the key to a no-phrase key:
$ sudo openssl rsa -in server.key -out server.key
Then all you need to do now is double check your Apache configuration syntax:
$ sudo apachectl configtest
If all goes well, restart Apache:
$ sudo apachectl -k restart
Now simply point your browser at
https://localhost. If you are prompted about aself-signed certificate, in Chrome you can hit the
Advancedoption on that page and proceed while in Firefox you need to expand the
I Understand the Risksand add as exception. This is due to the fact that the self-signed certificates are not signed by any authority and for this reasons the browsers add warnings about it. Although, since you are the one who created the certificate, you understand it's safe to accept it.