Space Cat, Prince Among Thieves

Using mkcert to Set Up Local SSL on macOS's Built in Apache

Comments:
1
Tags:
Walkthrough
SSL
MacOS
Mac OS X
Apache
By on

A little under a year ago I wrote a walkthrough: Set up a Self Signed Certificate on macOS's Built in Apache.

Recently a new tool showed up called mkcert has come and made life way easier.

It's a wonderful tool that instead of building Self-Signed Certificates, sets your local machine up with a certificate signing authority and creates valid certificates.

You can read more about how it works at the link above. Needless to say, the process is much less painful than creating self signed certificates.

Installing mkcert

The easiest way to install mkcert is via Homebrew.

Beyond mkcert we should also install nss which helps mkcert set up Firefox to respect its certificates.

$ brew install mkcert nss

Once that's complete, we need mkcert to set itself up as a signing authority on our local machine.

$ mkcert -install

Creating the Certificates

Once we have mkcert set up, the next step is to generate the certificates for the intended local domain(s).

You may include multiple domains or wildcard subdomains. You can find more information about mkcert's capabilities here.

$ mkdir /tmp/crt && cd /tmp/crt
$ mkcert local.example.com

You should get an output something like as follows

Using the local CA at "/Users/user/Library/Application Support/mkcert" ✨

Created a new certificate valid for the following names ????
 - "local.example.com"

The certificate is at "./local.example.com.pem" and the key at "./local.example.com-key.pem" ✅

Now that we have our certificate, we can move it into the apache /etc directory:

$ sudo mkdir /etc/apache2/ssl
$ sudo mv *.pem /etc/apache2/ssl

Apache Configuration

Next, all we need to do is configure Apache.

Follow the Apache Configuration section's instructions, stopping and returning here before the "Chrome / Safari Configuration" section on my previous post.

When you reach the portion about configuring your VirtualHosts, the only difference is the filenames will look more akin to this pattern: 

  SSLEngine on
  SSLCertificateFile "/private/etc/apache2/ssl/local.example.com.pem"
  SSLCertificateKeyFile "/private/etc/apache2/ssl/local.example.com-key.pem"

Unlike the prior walkthrough which restarted Apache with a reboot, we instead now only need to restart Apache.

$ sudo apachectl restart

And we're done! Unlike setting up a self signed certificate, we do not need to add anything to our keychain or browsers. We are ready to go, your certificate should work as expected.


Read More / Comment »

Recent Comments

I've defeated the Ender Dragon 16 times naturally and now I'm connecting all the portals together, this has helped me a lot with the diameter and scale, thank y…
Link

Fantastic. Thank you!
Link

An option to show numbers on the sides or return what I’ve begun to call the “pattern” (e.g: 7, 3, 2, 1, 1, 1, 2, 3, 7 for a diameter 29 circle) would mak…
Link

This is super useful! I’m building a wall and now a moat around my village and it’s really helped me out. Being able to set two circles and fill the area be…
Link

This is just brilliant - thanks so much!
Link

Tag Cloud

SSL Excel Google PageRank Composer .htaccess Extensions Github Productivity Strange Behavior Git Code Snippet Tools JavaScript Mac OS X PHP Walkthrough MacOS Best Practice Criticism Apache Shell Scripting Commentary Scripts CSV Encoding Golang PhpED Bugs Fun CSS IDE