Space Cat, Prince Among Thieves

Using mkcert to Set Up Local SSL on macOS's Built in Apache

Comments:
1
Tags:
Walkthrough
SSL
MacOS
Mac OS X
Apache
By on

A little under a year ago I wrote a walkthrough: Set up a Self Signed Certificate on macOS's Built in Apache.

Recently a new tool showed up called mkcert has come and made life way easier.

It's a wonderful tool that instead of building Self-Signed Certificates, sets your local machine up with a certificate signing authority and creates valid certificates.

You can read more about how it works at the link above. Needless to say, the process is much less painful than creating self signed certificates.

Installing mkcert

The easiest way to install mkcert is via Homebrew.

Beyond mkcert we should also install nss which helps mkcert set up Firefox to respect its certificates.

$ brew install mkcert nss

Once that's complete, we need mkcert to set itself up as a signing authority on our local machine.

$ mkcert -install

Creating the Certificates

Once we have mkcert set up, the next step is to generate the certificates for the intended local domain(s).

You may include multiple domains or wildcard subdomains. You can find more information about mkcert's capabilities here.

$ mkdir /tmp/crt && cd /tmp/crt
$ mkcert local.example.com

You should get an output something like as follows

Using the local CA at "/Users/user/Library/Application Support/mkcert" ✨

Created a new certificate valid for the following names ????
 - "local.example.com"

The certificate is at "./local.example.com.pem" and the key at "./local.example.com-key.pem" ✅

Now that we have our certificate, we can move it into the apache /etc directory:

$ sudo mkdir /etc/apache2/ssl
$ sudo mv *.pem /etc/apache2/ssl

Apache Configuration

Next, all we need to do is configure Apache.

Follow the Apache Configuration section's instructions, stopping and returning here before the "Chrome / Safari Configuration" section on my previous post.

When you reach the portion about configuring your VirtualHosts, the only difference is the filenames will look more akin to this pattern: 

  SSLEngine on
  SSLCertificateFile "/private/etc/apache2/ssl/local.example.com.pem"
  SSLCertificateKeyFile "/private/etc/apache2/ssl/local.example.com-key.pem"

Unlike the prior walkthrough which restarted Apache with a reboot, we instead now only need to restart Apache.

$ sudo apachectl restart

And we're done! Unlike setting up a self signed certificate, we do not need to add anything to our keychain or browsers. We are ready to go, your certificate should work as expected.


Read More / Comment »

Recent Comments

wow .. thanks a lot, very useful!!
Link

``` cd /Library/Developer/CommandLineTools/Packages open macOS_SDK_headers_for_macOS_xx.pgk ``` Try this if you still missing C headers.
Link

Could you explain the math behind this? I’d really appreciate it!
Link

This is really handy in minecraft and many other games! thank you!!!
Link

I did exactly as you described in all steps but nothing seems to happen. Have no idea what's wrong, I have MacOS Mojave 10.14.4. When I go to http://local…
Link

Tag Cloud

SSL Excel Google PageRank Composer .htaccess Extensions Github Productivity Strange Behavior Git Code Snippet Tools JavaScript Mac OS X PHP Walkthrough MacOS Best Practice Criticism Apache Shell Scripting Commentary Scripts CSV Encoding Golang PhpED Bugs Fun CSS IDE