There are occasions where certain pieces of development work require an SSL connection on your local environment in order to test the code. Examples of this might be testing payment integrations with a specific payment provider. This is where you’ll need to set up a self-signed certificate in MAMP. Here is how you do so on a Mac.
This is easily done within the PRO version, however the free version of MAMP requires a few steps to set up an SSL connection.
First of all, You’ll need to generate a private key, CSR (Certificate Signing Request) and a certificate file using the following commands.
When generating the private key, you’ll be asked to create a passphrase. Make a note of it as this will be needed for when generating the CSR.
# Generate a private key $ openssl genrsa -des3 -out server.key 2048
When generating the CSR, you can use the example information below to help create it. Please note that the
Common Name value should match the name of the domain name you’re using for your local environment. So if your local domain is called
domain.local, then use that as the Common Name
# Generate a CSR $ openssl req -new -key server.key -out server.csr # When prompted for the password, use the one from the private key # Answer the questions, use "localhost" for your Common Name Country Name: US State Name: California Locality: My City Organization: My Company Organization Unit Name: # leave blank Common Name: domain.local Email address: firstname.lastname@example.org A challenge password: # leave blank An optional company name: # leave blank
Now you’ll be able to generate the certificate.
$ openssl x509 -req -days 1825 -in server.csr -signkey server.key -out server.crt -sha256 -extfile v3.ext
Before running the above command, the extra parameter,
-sha256 -extfile v3.ext is used to supply the Google Chrome browser the
SubjectAltName field required in Chrome version 58 and higher (for more information, see this link: https://textslashplain.com/2017/03/10/chrome-deprecates-subject-cn-matching/).
With that said, create a
v3.ext file within the same directory as the private key and CSR.
Add the following contents within the file:
authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment subjectAltName = @alt_names [alt_names] DNS.1 = domain.local
Once again note that the
DNS.1 alt_name value should match the Common Name used when generating the CSR.
Save the file and run the command above to generate a certificate file.
Lastly, remove the password requirement from the private key.
$ cp server.key server.tmp $ openssl rsa -in server.tmp -out server.key
Now we need to copy over the
.key files into a MAMP-related directory, so place both of those files within
Now, open up the
Keychain Access application on your Mac and drag your certificate
.crt file into the
Certificates category within Keychain Access.
You should see your certificate (named after your Common Name) within the list of certificates. Right click the certificate, and click on
When using this certificate dropdown from
Use System Defaults to
Always Trust and close the window.
This will get the browsers to ‘trust’ the self-signed certificate and prevent an insecure page warning from appearing.
Now, within MAMP’s
httpd.conf file, located within
/Applications/MAMP/conf/apache, locate the
Secure (SSL/TLS) Connections line and uncomment the line below it by removing the hash (#).
# Change the below line #Include /Applications/MAMP/conf/apache/extra/httpd-ssl.conf # To this Include /Applications/MAMP/conf/apache/extra/httpd-ssl.conf
httpd-ssl.conf, located in the directory specified above, add in the
<VirtualHost> configuration similary to how you have set up your domain within the
Note that the configuration specified in
httpd-ssl.conf also contains the paths to the
.key files we generated earlier.
The configuration might look similar to the below.
<VirtualHost *:443> SSLEngine on SSLCertificateFile /Applications/MAMP/conf/apache/server.crt SSLCertificateKeyFile /Applications/MAMP/conf/apache/server.key DocumentRoot "/Users/MyUser/Desktop/websites/domain.local" ServerName domain.local:443 ServerAlias www.domain.local:443 DocumentRoot "/Users/MyUser/Desktop/websites/domain.local" </VirtualHost>
Restart the servers within MAMP, and head to your domain using HTTPS and you should notice the SSL certificate is working correctly!