Home » Questions » Computers [ Ask a new question ]

How to easily create a SSL certificate and configure it in Apache2 in Mac OS X?

How to easily create a SSL certificate and configure it in Apache2 in Mac OS X?

I'd like to use my Mac OS X with https for local development tests. How can I easily make Apache2 respond to ssl, just for test proposes - I don't want a real certificate, just a fake to make local https work

Asked by: Guest | Views: 320
Total answers/comments: 1
bert [Entry]

"For local development testing a self-signed certificate is adequate. You can generate one with the OpenSSL kit like so:

Generating the private key:

openssl genrsa -des3 -out server.key 1024

output:

Generating RSA private key, 1024 bit long modulus
.........................................................++++++
........++++++
e is 65537 (0x10001)
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:

enter a passphrase for your private key.

Generating the CSR (certificate signing request):

openssl req -new -key server.key -out server.csr

it will request details like this:

Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

it's fairly straightforward, the common name is your server's hostname as it says in brackets.

Generating the self signed certificate:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Configuring SSL in httpd.conf for Apache:

SSLEngine on
SSLCertificateFile /path/to/generated/server.crt
SSLCertificateKeyFile /path/to/generated/server.key

(replace path appropriately with the path to your certificate and key)

Restart Apache:

apachectl restart

Apache will ask you for the passphrase to your key. If you think you will be shutting the server down a lot, you may want to remove the passphrase from the key so you can avoid entering it each time. If not, don't worry about it. If so, complete this step after step 2 (Generating the CSR):

cp server.key server.key.copy
openssl rsa -in server.key.copy -out server.key"