Space Cat, Prince Among Thieves

Using mkcert to Set Up Local SSL on macOS's Built in Apache

Comments:
1
Tags:
Walkthrough
SSL
MacOS
Mac OS X
Apache
By on

A little under a year ago I wrote a walkthrough: Set up a Self Signed Certificate on macOS's Built in Apache.

Recently a new tool showed up called mkcert has come and made life way easier.

It's a wonderful tool that instead of building Self-Signed Certificates, sets your local machine up with a certificate signing authority and creates valid certificates.

You can read more about how it works at the link above. Needless to say, the process is much less painful than creating self signed certificates.

Installing mkcert

The easiest way to install mkcert is via Homebrew.

Beyond mkcert we should also install nss which helps mkcert set up Firefox to respect its certificates.

$ brew install mkcert nss

Once that's complete, we need mkcert to set itself up as a signing authority on our local machine.

$ mkcert -install

Creating the Certificates

Once we have mkcert set up, the next step is to generate the certificates for the intended local domain(s).

You may include multiple domains or wildcard subdomains. You can find more information about mkcert's capabilities here.

$ mkdir /tmp/crt && cd /tmp/crt
$ mkcert local.example.com

You should get an output something like as follows

Using the local CA at "/Users/user/Library/Application Support/mkcert" ✨

Created a new certificate valid for the following names ????
 - "local.example.com"

The certificate is at "./local.example.com.pem" and the key at "./local.example.com-key.pem" ✅

Now that we have our certificate, we can move it into the apache /etc directory:

$ sudo mkdir /etc/apache2/ssl
$ sudo mv *.pem /etc/apache2/ssl

Apache Configuration

Next, all we need to do is configure Apache.

Follow the Apache Configuration section's instructions, stopping and returning here before the "Chrome / Safari Configuration" section on my previous post.

When you reach the portion about configuring your VirtualHosts, the only difference is the filenames will look more akin to this pattern: 

  SSLEngine on
  SSLCertificateFile "/private/etc/apache2/ssl/local.example.com.pem"
  SSLCertificateKeyFile "/private/etc/apache2/ssl/local.example.com-key.pem"

Unlike the prior walkthrough which restarted Apache with a reboot, we instead now only need to restart Apache.

$ sudo apachectl restart

And we're done! Unlike setting up a self signed certificate, we do not need to add anything to our keychain or browsers. We are ready to go, your certificate should work as expected.


Read More / Comment »

Recent Comments

GJ!
Link

Have you considered other mathematical shapes, like parabolas and hyperbolas? Great tool - thanks for your effort!
Link

Good job, same to https://tableconvert.com
Link

I am creating a 1301 diameter circle... The zoom is far too small for that... I have used this dozens of times over the years so thanks!
Link

After beating my head to against my desk, walls, laptop, and every single thing around me for a whole week, finally got the answer to the damn problem. Thank…
Link

Tag Cloud

Fun SSL PhpED Google PageRank .htaccess Extensions CSV Github Strange Behavior Git Code Snippet Tools JavaScript Mac OS X PHP Walkthrough MacOS Best Practice Criticism Apache Shell Scripting Productivity Commentary Scripts Encoding Composer Golang Excel Bugs CSS IDE