Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.5: Enable https on 10.5's Apache2 web server UNIX
This short how-to explains how to get HTTPS/SSL working on Leopard, which uses apache2. First, follow the steps in this hint, but instead of following Step 5, do the following:
  • Edit /private/etc/apache2/httpd.conf, and uncomment the following line (it's line 473 in my installation):
    Include /private/etc/apache2/extra/httpd-ssl.conf
  • Edit /private/etc/apache2/extra/httpd-ssl.conf, and make sure that:
    • SSLCertificateFile points to newcert.pem
    • SSLCertificateKeyFile points to webserver.nopass.key
    • SSLCACertificateFile points to cacert.pem
    • SSLCARevocationPath points to demoCA/crl
    Be sure to include the full pathnames for each entry. Optionally, you can edit DocumentRoot to your liking. I point it to /Library/WebServer/Documents-SSL, so I have two roots, one for http and one for https.
After these steps, restart apache2. Preferably do this from the command line (sudo apachectl graceful), so that you can see if the configuration is accepted or not. After that, point your browser to https://localhost/, and marvel at https beauty.
    •    
  • Currently 2.79 / 5
  You rated: 1 / 5 (14 votes cast)
 
[32,308 views]  

10.5: Enable https on 10.5's Apache2 web server | 11 comments | Create New Account
Click here to return to the '10.5: Enable https on 10.5's Apache2 web server' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.5: Enable https on 10.5's Apache2 web server
Authored by: kioarthurdane on Jul 01, '08 07:31:17AM

For the life of me, I cannot get this to work.



[ Reply to This | # ]
10.5: Enable https on 10.5's Apache2 web server
Authored by: steresi on Jul 03, '08 02:34:15PM

Where do the certificates come from that you're using? Don't you need to register an SSL certificate in order to use HTTPS?



[ Reply to This | # ]
10.5: Enable https on 10.5's Apache2 web server
Authored by: ekampp on Dec 23, '08 05:39:59AM

@ kioarthurdane: That's not very descriptive, if you need help, you probably need to explain yourself a little more?!

@ steresi: As the article states, the certificates are created using the linked guide.



[ Reply to This | # ]
10.5: Enable https on 10.5's Apache2 web server
Authored by: aalegado on Jun 24, '11 01:34:36PM

You can create "self-signed" certificates. I think Apache might ship with the utility to do this.

The resulting https: encryption is just as strong as if you bought a commercial certificate but for the fact that no one will recognize you as a SSL certificate provider which will cause most modern browsers to throw a certificate warning message which might cause a person to not browse your site.



[ Reply to This | # ]
10.5: Enable https on 10.5's Apache2 web server
Authored by: ciacgi on Mar 02, '09 03:55:53PM

I can't get this to work either. I've followed it exactly twice and am wondering now if it is actually not compatible instructions for 10.5 as it says.

I even try tailing my logs and don't see issues when I restart apache, but it won't serve up https pages (it even kills http pages for that matter).



[ Reply to This | # ]
10.5: Enable https on 10.5's Apache2 web server
Authored by: adamprall on Sep 30, '09 06:25:50PM
The problem with this hint is here:
SSLCACertificateFile
This path must read like this (not clearly specified above):
SSLCACertificateFile "/Users/yourusername/Documents/certs/demoCA/cacert.pem"

If you followed the instruction like I did, then the first time around you probably pasted in something like "/Users/yourusername/Documents/certs/your.domain.folder/cacert.pem" by mistake for that path.

---
Thinkingman.com New Media Hawaii

[ Reply to This | # ]

10.5: Enable https on 10.5's Apache2 web server
Authored by: adamprall on Sep 30, '09 06:26:52PM

By the way, this also works with 10.6.1!

---
Thinkingman.com New Media Hawaii



[ Reply to This | # ]
10.5: Enable https on 10.5's Apache2 web server
Authored by: contactm on Dec 04, '11 04:15:44PM

Thank you for pointing this out. I missed this!



[ Reply to This | # ]
10.5: Enable https on 10.5's Apache2 web server
Authored by: c-splat on Feb 05, '11 10:17:29AM
I had several minor issues implementing this hint and its parent -- I hope this information will help others.

1. You must use a consistent host name in these locations:
httpd.conf: ServerName
httpd-ssl.conf: ServerName
Step 3, Common Name (eg, YOUR name). You should enter your HOST NAME here, not your first and last name
In your browser's address bar when making requests for your SSL-encrypted pages.

I got lost trying to figure out if I was suppossed to use "localhost," "127.0.0.1," or "mymac.local" (replace "mymac" with your machine name as shown in your Sharing control panel where it says "Computers on your local network can access your computer at: mymachinename.local"

I set all these values to "mymac.local" because it seemed the most natural to use in the applications I am testing on my local machine.

2. In Step 1, when you are asked for your “Common Name”, you want to enter YOUR first and last name — not the server name or IP address. This certificate is not associated with your server — it’s associated with you. See http://developer.apple.com/internet/serverside/modssl.html

3. Above where it says "Make sure that... SSLCACertificateFile points to cacert.pem," I got sidetracked by not putting the demoCA directory in this path. It should read Make sure that... SSLCACertificateFile points to demoCA/cacert.pem"



[ Reply to This | # ]
10.5: Enable https on 10.5's Apache2 web server
Authored by: unforeseen:X11 on Jun 24, '11 09:54:48AM

One step is missing: You also have to activate mod_ssl.so by uncommenting the respective LoadModule line in /etc/apache2/httpd.conf. Also works in 10.7 Lion.

---
this is not the sig you`re looking for.



[ Reply to This | # ]
10.5: Enable https on 10.5's Apache2 web server
Authored by: chaseholden on Jan 29, '12 02:05:41AM
BTW: here's where to do this with Snow Leopard and Lion OS 10.6 10.7+ , although this is for creating self signed certificates only, not as your own CA (certificate authority):

Configure SSL on Lion's Apache http://apple.stackexchange.com/questions/25434/configuring-ssl-with-apache-under-lion

...otherwise, the above instructions generate the following error on Lion's apache:

bash-3.2# /System/Library/OpenSSL/misc/CA.pl -signreq Using configuration from /System/Library/OpenSSL/openssl.cnf

Error opening CA private key ./demoCA/private/cakey.pem 16021:error:02001002:system library:fopen:No such file or directory:/SourceCache/OpenSSL098/OpenSSL098-44/src/crypto/bio/bss_file.c:356:fopen('./demoCA/private/cakey.pem','r') 16021:error:20074002:BIO routines:FILE_CTRL:system lib:/SourceCache/OpenSSL098/OpenSSL098-44/src/crypto/bio/bss_file.c:358: unable to load CA private key Signed certificate is in newcert.pem


(the signed certificate it claims that it makes after all of those errors is, in fact, not valid nor legitimate. it has no functionality and is neither signed nor certified.
---
Merchant Service Group, Inc.


[ Reply to This | # ]