Enable SSL in Apache of XAMPP (Mac OSX)
The following will guide you through the process of enabling SSL on an Apache web server.
- The instructions have been verified with OSX El Capitan (10.11.2) running Apache 2.4.16
- The instructions assume you already have a basic Apache configuration enabled on OSX. If this is not the case, feel free to consult the Gist: “Enable Apache HTTP server (OSX)”.
Apache SSL Configuration
Create a directory within /Applications/XAMPP/xamppfiles/etc/ using Terminal.app:
sudo mkdir /Applications/XAMPP/xamppfiles/etc/ssl
Next, generate two host keys:
sudo openssl genrsa -out /Applications/XAMPP/xamppfiles/etc/server.key 2048
sudo openssl genrsa -out /Applications/XAMPP/xamppfiles/etc/ssl/localhost.key 2048
sudo openssl rsa -in /Applications/XAMPP/xamppfiles/etc/ssl/localhost.key -out /Applications/XAMPP/xamppfiles/etc/ssl/localhost.key.rsa
Create a configuration file using Terminal.app: sudo touch /Applications/XAMPP/xamppfiles/etc/ssl/localhost.conf
Edit the newly created configuration file and add the following:
[req]
# Not used when -key supplies an existing key; kept in line with the 2048-bit keys generated above
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = *.localhost
Generate the required Certificate Requests using Terminal.app:
sudo openssl req -new -key /Applications/XAMPP/xamppfiles/etc/server.key -subj "/C=/ST=/L=/O=/CN=/emailAddress=/" -out /Applications/XAMPP/xamppfiles/etc/server.csr
sudo openssl req -new -key /Applications/XAMPP/xamppfiles/etc/ssl/localhost.key.rsa -subj "/C=/ST=/L=/O=/CN=localhost/" -out /Applications/XAMPP/xamppfiles/etc/ssl/localhost.csr -config /Applications/XAMPP/xamppfiles/etc/ssl/localhost.conf
Note: Complete the values C= ST= L= O= CN= to reflect your own organizational structure, where:
- C= Country: The two-letter ISO abbreviation for your country.
- ST= State or Province: The state or province where your organization is legally located.
- L= City or Locality: The city where your organization is legally located.
- O= Organization: The exact legal name of your organization.
- CN= Common Name: The fully qualified domain name for your web server.
Use the Certificate Requests to sign the SSL Certificates using Terminal.app:
sudo openssl x509 -req -days 365 -in /Applications/XAMPP/xamppfiles/etc/server.csr -signkey /Applications/XAMPP/xamppfiles/etc/server.key -out /Applications/XAMPP/xamppfiles/etc/server.crt
sudo openssl x509 -req -extensions v3_req -days 365 -in /Applications/XAMPP/xamppfiles/etc/ssl/localhost.csr -signkey /Applications/XAMPP/xamppfiles/etc/ssl/localhost.key.rsa -out /Applications/XAMPP/xamppfiles/etc/ssl/localhost.crt -extfile /Applications/XAMPP/xamppfiles/etc/ssl/localhost.conf
Add the SSL Certificate to Keychain Access.
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /Applications/XAMPP/xamppfiles/etc/ssl/localhost.crt
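A way to confirm the certificate steps above produced what the browser expects, as an added example that is not part of the original guide: it builds a throwaway key and certificate in a temporary directory with the same [v3_req] settings, then checks the subjectAltName entries, that key and certificate belong together, and the remaining validity. The function names are hypothetical helpers; the last three can be pointed at the real localhost.crt and localhost.key.

```shell
#!/bin/sh
# Added example (not from the original guide). Helper names are hypothetical.
# Works in a temp directory: no sudo, no XAMPP paths touched.

make_test_cert() {   # $1 = output directory
    cat > "$1/localhost.conf" <<'EOF'
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = *.localhost
EOF
    openssl genrsa -out "$1/localhost.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/localhost.key" -subj "/CN=localhost" \
        -out "$1/localhost.csr" -config "$1/localhost.conf" &&
    openssl x509 -req -extensions v3_req -days 365 -in "$1/localhost.csr" \
        -signkey "$1/localhost.key" -out "$1/localhost.crt" \
        -extfile "$1/localhost.conf" 2>/dev/null
}

cert_has_san() {     # $1 = cert, $2 = DNS name; 0 if listed in subjectAltName
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$2"
}

key_matches_cert() { # $1 = key, $2 = cert; 0 if both carry the same RSA modulus
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

cert_valid_for() {   # $1 = cert, $2 = seconds; 0 if still valid after that long
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}

# Driver: generate, then report each check.
tmp=$(mktemp -d) && make_test_cert "$tmp" || exit 1
crt=$tmp/localhost.crt
cert_has_san "$crt" localhost && echo "SAN lists localhost"
key_matches_cert "$tmp/localhost.key" "$crt" && echo "key matches certificate"
cert_valid_for "$crt" 86400 && echo "valid for at least another day"
rm -rf "$tmp"
```

A missing subjectAltName is the usual reason a self-signed localhost certificate is rejected even after it has been added to the keychain, and a key/certificate mismatch is the usual reason Apache refuses to start after the SSLCertificateFile and SSLCertificateKeyFile lines are added.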
Apache Configuration
Edit the Apache main configuration file /Applications/XAMPP/xamppfiles/etc/httpd.conf and enable the required modules to support SSL:
LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so
LoadModule ssl_module libexec/apache2/mod_ssl.so
Enable Secure (SSL/TLS) connections
Include /private/Applications/XAMPP/xamppfiles/etc/extra/httpd-ssl.conf
Apache Virtual Host Configuration
Edit the Virtual Hosts file /Applications/XAMPP/xamppfiles/etc/extra/httpd-vhosts.conf and add the SSL Directive at the end of the file:
<VirtualHost *:443>
    ServerName localhost
    DocumentRoot "/Applications/XAMPP/xamppfiles/htdocs"
    SSLEngine on
    # Strong suites only: no anonymous, NULL, MD5, RC4 or 3DES ciphers
    SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES
    SSLCertificateFile /Applications/XAMPP/xamppfiles/etc/ssl/localhost.crt
    SSLCertificateKeyFile /Applications/XAMPP/xamppfiles/etc/ssl/localhost.key
    <Directory "/Applications/XAMPP/xamppfiles/htdocs">
        Options Indexes FollowSymLinks
        AllowOverride All
        # Apache 2.4 access control syntax
        Require all granted
    </Directory>
</VirtualHost>
Finally, restart Apache using Terminal.app: sudo apachectl restart
Open Safari and visit https://localhost to verify your configuration.
Summary
sudo openssl genrsa -out /Applications/XAMPP/xamppfiles/etc/server.key 2048
sudo openssl genrsa -out /Applications/XAMPP/xamppfiles/etc/ssl/{{replaced extension}}--localhost.key 2048
sudo openssl rsa -in /Applications/XAMPP/xamppfiles/etc/ssl/{{replaced extension}}--localhost.key -out /Applications/XAMPP/xamppfiles/etc/ssl/{{replaced extension}}--localhost.key.rsa
sudo openssl req -new -key /Applications/XAMPP/xamppfiles/etc/server.key -subj "/C=CA/ST=ON/L=Toronto/O=dev/CN={{replaced DNS}}/emailAddress={{replaced email}}/" -out /Applications/XAMPP/xamppfiles/etc/server.csr
sudo openssl req -new -key /Applications/XAMPP/xamppfiles/etc/ssl/{{replaced extension}}--localhost.key.rsa -subj "/C=CA/ST=ON/L=Toronto/O=dev/CN={{replaced DNS}}/" -out /Applications/XAMPP/xamppfiles/etc/ssl/{{replaced extension}}--localhost.csr -config /Applications/XAMPP/xamppfiles/etc/ssl/{{replaced extension}}-localhost.conf
# {{add new conf file for each domain }}
sudo openssl x509 -req -days 365 -in /Applications/XAMPP/xamppfiles/etc/server.csr -signkey /Applications/XAMPP/xamppfiles/etc/server.key -out /Applications/XAMPP/xamppfiles/etc/server.crt
sudo openssl x509 -req -extensions v3_req -days 365 -in /Applications/XAMPP/xamppfiles/etc/ssl/{{replaced extension}}--localhost.csr -signkey /Applications/XAMPP/xamppfiles/etc/ssl/{{replaced extension}}--localhost.key.rsa -out /Applications/XAMPP/xamppfiles/etc/ssl/{{replaced extension}}--localhost.crt -extfile /Applications/XAMPP/xamppfiles/etc/ssl/{{replaced extension}}-localhost.conf
# {{add new conf file for each domain }}
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /Applications/XAMPP/xamppfiles/etc/ssl/{{replaced extension}}--localhost.crt