Mac os localhost ssl

How to set up HTTPS on localhost for macOS

Jun 11, 2017 · 2 min read

tl:dr: you can copy/paste this script in your command line and just be done with it.

SSL is needed on localhost to use some browser features, like Speech Recognition. Getting it set up is tough because many articles (rightly) explain concepts and ideas behind why you do something, but they miss explaining the how. This article explains how, and doesn’t worry about any of the whys. So, without further ado:

Generating the keys

1. Make a .localhost-ssl folder in your home directory. Do this by opening a command line (Terminal, iTerm, …) and typing cd

/ . Once there, create the folder by typing mkdir .localhost-ssl .

Next, we need to create a self signed key and certificate(understanding of these files not required). Do this by typing (you’ll be asked to type in your password):

3. Now, copy and paste this code. It will create a certificate for you:

4. Finally, you need to add these keys to the Keychain.app. Do it with:

Starting a server

No w that you have your certificate and key, you need to start a server with https. It’s easiest to use the very fine npm package http-server . Install it with npm install -g http-server .

Once installed, open up your .bash_profile in a text editor. If you use Atom, type this in your command line: atom

/.bash_profile . Then save this function inside it:

This function starts an http-server with the credentials you set above.

Head back to your command line, type source

/.bash_profile , then navigate to the root directory of a project of yours. Now all you have to type is https-server and you have a fancy https server running on localhost ✨

Источник

Use an SSL certificate in macOS Server

The server can use an SSL certificate to identify itself electronically and communicate securely with users’ computers and other servers on the local network and the Internet.

You can use the self-signed certificate created for your server when you set it up, or a self-signed certificate you created. However, users’ apps won’t trust self-signed certificates and will display a messages asking if the user trusts your certificate. Using a signed certificate relieves users from the uncertainty and tedium of manually accepting your certificate in these messages. A man-in-the-middle spoofing attack is possible with a self-signed certificate.

Select Certificates in the Server app sidebar.

To use one certificate for all services, choose a certificate from the “Secure services using” pop-up menu.

To use different certificates for each service, choose Custom from the “Secure services using” pop-up menu, then choose an available certificate for each service.

If the pop-up menu doesn’t contain certificates, create a self-signed certificate. For instructions, see Create a self-signed certificate in macOS Server.

To use a previously generated SSL certificate, import it.

To disable secure connections, choose None.

Источник

Mkcert: валидные HTTPS-сертификаты для localhost

В наше время использование HTTPS становится обязательным для всех сайтов и веб-приложений. Но в процессе разработки возникает проблема корректного тестирования. Естественно, Let’s Encrypt и другие CA не выдают сертификаты для localhost.

Традиционно есть два решения.

Самоподписанные сертификаты, сгенерированные через openssl или др. Вот самый простой способ сгенерировать приватный ключ и самоподписанный сертификат для localhost:

Но такой сертификат вызовет ошибки доверия в браузерах, потому что в доверенном хранилище отсутствует соответствующий центр сертификации.

Трюк с регистрацией нового домена типа localhost.example.com, который локально ресолвится в 127.0.0.1 (в /etc/hosts), с получением обычного сертификата для данного домена. Но такая махинация сомнительна с точки зрения безопасности — по крайней мере, для публичных сервисов подобный ресолвинг делать крайне не рекомендуется из-за возможной MiTM-атаки со сменой на враждебный IP-адрес. Если ограничиться только локальной машиной, то может это и подходящий вариант, хотя тоже возникают некоторые сомнения. К тому же, такой сертификат могут отозвать. В любом случае, есть вариант проще и безопаснее (см. ниже).

Речь идёт о mkcert — простой утилите для генерации локально-доверенных сертификатов с собственным центром сертификации. Она работает под всеми ОС и не требует какой-то конфигурации.

Версия для Linux

Сначала нужно установить certutil .

или собрать из исходников:

Версия для macOS

Версия для Windows

Под Windows можно скачать собранные бинарники либо воспользоваться одним из пакетных менеджеров: Chocolatey или Scoop.

Наличие локального центра сертификации — самое важное принципиальное отличие mkcert от openssl и самоподписанных сертификатов, потому что при запуске такого CA локально не возникает никаких ошибок доверия.

В принципе, запустить и настроить собственный CA можно и другими средствами, но это требует нетривиальных знаний и навыков. Здесь всё делает само собой, без всяких дополнительных ключей и настроек. Просто устанавливаем программу — и она автоматически создаёт локальный центр сертификации и прописывает его в доверенное хранилище системы и доверенное хранилище Firefox.

Источник

ethicka / localhost-ssl.md

Local virtualhost SSL websites on Mac OS Sierra

These instructions will guide you through the process of setting up a wildcard SSL for your local virtualhosts for offline development. Most importantly, this configuration will give you the happy, green lock in Chrome.

These instructions have only been tested on Mac OS Sierra using the pre-installed Apache and PHP versions. These instructions also assume you have virtualhosts set up locally already.

In Terminal, create a SSL directory where domain is the name of your domain.

Edit domain.conf and add the following configurations.

You can add any additional localhosts you want to have protected by this certificate. Under [alt_names] add additional DNS.X where X is in iterative number and add whatever ServerName or ServerAlias you want protected.

In Terminal generate Certificate Requests using the OpenSSL configuration. Replacing the defaults in the -subj variable as you see fit.

Finally, add the later SSL certificate to Keychain Access. I recommend backing up System.keychain before doing this.

Setting up a Trusted Virtual Host

In Terminal, edit the Apache configuration.

Within your editor, uncomment the following lines to enable modules required by HTTPS and include httpd-ssl.conf .

Open your virtualhost file (e.g. httpd-vhosts.conf or /etc/apache2/virtualhosts/virtualhost ) and add a 443 VirtualHost name and localhost Directive at the end of the file, replacing username with your user name. This assuming you have already configured as well, but not required if you’ll only ever use SSL.

In Terminal check your configuration:

If there aren’t any issues or you resolved them, then restart Apache:

Now, in a web browser, visit https://domain. The domain should appear trusted.

This comment has been minimized.

Copy link Quote reply

rlaurente commented Jul 12, 2017

It’s not working on my end. I think you are missing this part

generating apache2 keys
sudo openssl genrsa -out /etc/apache2/server.key 2048
sudo openssl req -new -key /etc/apache2/server.key -subj «/C=/ST=/L=/O=/CN=/emailAddress=/» -out /etc/apache2/server.csr
sudo openssl x509 -req -days 365 -in /etc/apache2/server.csr -signkey /etc/apache2/server.key -out /etc/apache2/server.crt

generating domain key
sudo openssl genrsa -out /etc/apache2/ssl/domain/domain.key 2048

This comment has been minimized.

Copy link Quote reply

ethicka commented Sep 5, 2017

This comment has been minimized.

Copy link Quote reply

mvaneijgen commented Dec 14, 2017

I get unable to find ‘distinguished_name’ in config with the command sudo openssl req -new -key /etc/apache2/ssl/domain/domain.key.rsa -subj /CN=domain.dev -out /etc/apache2/ssl/domain/domain.csr -config /etc/apache2/ssl/domain/domain.conf

This comment has been minimized.

Copy link Quote reply

macdonaldr93 commented Dec 24, 2017

Worked for me! Thank you.

Only additional step I had to do was add my certs to /etc/apache2/extra/httpd-ssl.conf .

• Add SSLCertificateFile
• Add SSLCertificateKeyFile

This comment has been minimized.

Copy link Quote reply

mapicard commented Jun 7, 2018

Not enough thumbs up for this post.
And thanks for leaving the revisions, they were very helpful for me.

This comment has been minimized.

Copy link Quote reply

javierojeda94 commented Sep 19, 2018

Worked for me as well!

Just as @macdonaldr93, I had to update my /etc/apache2/extra/httpd-ssl.conf file to add the generated .crt and .key files

This comment has been minimized.

Copy link Quote reply

kshitijdeota commented Oct 18, 2018

Not enough thumbs up for this post.
And thanks for leaving the revisions, they were very helpful for me.

I second that! Thanks a ton @ethicka @macdonaldr93 !

This comment has been minimized.

Copy link Quote reply

petenice commented Feb 27, 2020

Thank you, this was very helpful

This comment has been minimized.

Copy link Quote reply

jun-gh commented Mar 24, 2020 •

Did not worked for me this time. I managed to get it working few years ago.
I updated from Sierra to Mojave.
Need help. TIA

This comment has been minimized.

Copy link Quote reply

RickHorowitz commented Sep 26, 2020

Firefox is not working correctly for me because it just keeps saying there is a security risk ahead, because the certificate is self-signed.

XXXXXX is where I’m putting the domain name, so if I were trying to go to https://cats.localhost, then XXXXXX would be cats.

I’ve looked at about six different web pages that talk about how to create SSL certificates for local development, and I’m getting nowhere. BTW, I had previously tried using MAMP Pro for development, but was limited on versions of MySQL, so I have been manually setting up the httpd and mysql servers.

I just cannot seem to get things working correctly, especially for https.

You can’t perform that action at this time.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.

Источник

nrollr / ApacheHTTPSConfig.md

Enable SSL in Apache (OSX)

The following will guide you through the process of enabling SSL on a Apache webserver

• The instructions have been verified with OSX El Capitan (10.11.2) running Apache 2.4.16
• The instructions assume you already have a basic Apache configuration enabled on OSX, if this is not the case feel free to consult Gist: «Enable Apache HTTP server (OSX)»

Apache SSL Configuration

Create a directory within /etc/apache2/ using Terminal.app: sudo mkdir /etc/apache2/ssl
Next, generate two host keys:

Create a configuration file using Terminal.app: sudo touch /etc/apache2/ssl/localhost.conf
Edit the newly created configuration file and add the following:

Generate the required Certificate Requests using Terminal.app:

Note: Complete the values C= ST= L= O= CN= to reflect your own organizational structure, where:

• C= eq. Country: The two-letter ISO abbreviation for your country.
• ST= eq. State or Province: The state or province where your organization is legally located.
• L= eq. City or Locality: The city where your organization is legally located.
• O= eq. Organization: he exact legal name of your organization.
• CN= eq. Common Name: The fully qualified domain name for your web server

Use the Certificate Requests to sign the SSL Certificates using Terminal.app:

Add the SSL Certificate to Keychain Access.

Источник