Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'How to create a secure (HTTPS) OS X webserver' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
How to create a secure (HTTPS) OS X webserver
Authored by: davidw on Dec 29, '04 07:06:26PM

I have three questions:
1) Everything seemed to work untill I noticed that the result of Step 4 showed that the certificate was ONLY valid for 360 days (1 year), and not as entered in step 3; 3650 days (10 years). I have tried several times and I keep getting the same result. Anybody have a clue and advise?

2) When I get this all installed, will ALL pages served by the Mac Os X Apache server be run as SSL (https://blabla)?

3) Can people choose to see the same pages as normal non-ssl encrypted (http://blabla), depending on if they use the "s" after http in the url?

Your guide seems pretty simple compared to the documentation I have seen elseware for ssl implementation in Apache/mac osx. Looking forward to seeing working!

regards,
Davidw



[ Reply to This | # ]
How to create a secure (HTTPS) OS X webserver
Authored by: trixiemay on Mar 27, '05 05:55:39PM

Notes from newbie:

was trying to do above. all worked fine when i did local access via 127.0.0.1 but when i tried using external address it didn't work.

i'm assuming you have to manually add port 443 to sharing firewall (in addition to 80 & 427).

when i tried to add this via the SystemPreferences GUI, it wouldn't allow me to edit so i had to hack the Library/Preferences/...firewall.plist file manually.

anyone know why? anyways, hope this may be helpful to the next person.



[ Reply to This | # ]
How to create a secure (HTTPS) OS X webserver
Authored by: AnotherMarkj1 on Mar 27, '05 09:58:47PM

You should be able to add new ports to the firewall configuration in System Preferences by going to Sharing and pick the Firewall tab there. There's a New button there -- this produces a list of protocols, but you can select Other and enter a range of ports.



[ Reply to This | # ]
How to create a secure (HTTPS) OS X webserver
Authored by: marklark on Dec 04, '06 09:54:10AM

Checking/enabling the "Personal Web Sharing" box in the "Sharing" preference panel covers ports 80, 427, and 443 already -- at least in Mac OS X 10.4.8



[ Reply to This | # ]
Can people choose to see the same pages as normal non-ssl encrypted (http://blabla) ...
Authored by: Uncle Ward on Jun 14, '05 05:02:19PM

People can try to access your secure site with http://your site.com; however, you can keep them out with a little simple PHP code at the top of your secure site web pages:

$port=$_SERVER["SERVER_PORT"];
if($port<>"443") :
// insecure site code goes here
exit();
endif ;



[ Reply to This | # ]
365 days problem
Authored by: brian163 on Nov 25, '05 10:26:03PM

I had a similar problem and found at least a workaround if not the specific cause. Prior to this step, edit the /System/Library/OpenSSL/openssl.cnf file and change:
default_days = 365
to
default_days = 3650

Then the cert will reflect 10 years. I'm guessing the config file options take precendent over command line flags.



[ Reply to This | # ]
How to create a secure (HTTPS) OS X webserver
Authored by: knud_steven on Jul 04, '09 08:36:16PM
There is another reply regarding the expiry date that suggests changing the default_days in the OpenSSL config file; that can't hurt, but didn't do it for me. I had to edit sign.sh from the mod_ssl package and change default_days there as well. Using sign.sh is part of the instructions from http://developer.apple.com/internet/serverside/modssl.html




[ Reply to This | # ]