Set up a Self-signed Certificate in MAMP

There are occasions where certain pieces of development work require an SSL connection on your local environment in order to test the code. Examples of this might be testing payment integrations with a specific payment provider. This is where you’ll need to set up a self-signed certificate in MAMP. Here is how you do so on a Mac.

This is easily done within the PRO version, however the free version of MAMP requires a few steps to set up an SSL connection.

First of all, You’ll need to generate a private key, CSR (Certificate Signing Request) and a certificate file using the following commands.

When generating the private key, you’ll be asked to create a passphrase. Make a note of it as this will be needed for when generating the CSR.

# Generate a private key
$ openssl genrsa -des3 -out server.key 2048

When generating the CSR, you can use the example information below to help create it. Please note that the Common Name value should match the name of the domain name you’re using for your local environment. So if your local domain is called domain.local, then use that as the Common Name

# Generate a CSR
$ openssl req -new -key server.key -out server.csr
# When prompted for the password, use the one from the private key
# Answer the questions, use "localhost" for your Common Name
Country Name: US
State Name: California
Locality: My City
Organization: My Company
Organization Unit Name: # leave blank
Common Name: domain.local
Email address: email@example.com
A challenge password: # leave blank
An optional company name: # leave blank

Now you’ll be able to generate the certificate.

$ openssl x509 -req -days 1825 -in server.csr -signkey server.key -out server.crt -sha256 -extfile v3.ext

Before running the above command, the extra parameter, -sha256 -extfile v3.ext is used to supply the Google Chrome browser the SubjectAltName field required in Chrome version 58 and higher (for more information, see this link: https://textslashplain.com/2017/03/10/chrome-deprecates-subject-cn-matching/).

With that said, create a v3.ext file within the same directory as the private key and CSR.

Add the following contents within the file:

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = domain.local

Once again note that the DNS.1 alt_name value should match the Common Name used when generating the CSR.

Save the file and run the command above to generate a certificate file.

Lastly, remove the password requirement from the private key.

$ cp server.key server.tmp
$ openssl rsa -in server.tmp -out server.key

Now we need to copy over the .crt and .key files into a MAMP-related directory, so place both of those files within /Applications/MAMP/conf/apache.

Now, open up the Keychain Access application on your Mac and drag your certificate .crt file into the Certificates category within Keychain Access.

You should see your certificate (named after your Common Name) within the list of certificates. Right click the certificate, and click on Get Info.

Change the When using this certificate dropdown from Use System Defaults to Always Trust and close the window.

Set up a Self-signed Certificate in MAMP

This will get the browsers to ‘trust’ the self-signed certificate and prevent an insecure page warning from appearing.

Now, within MAMP’s httpd.conf file, located within /Applications/MAMP/conf/apache, locate the Secure (SSL/TLS) Connections line and uncomment the line below it by removing the hash (#).

# Change the below line
#Include /Applications/MAMP/conf/apache/extra/httpd-ssl.conf

# To this
Include /Applications/MAMP/conf/apache/extra/httpd-ssl.conf

Within the httpd-ssl.conf, located in the directory specified above, add in the <VirtualHost> configuration similary to how you have set up your domain within the httpd-vhosts.conf file.

Note that the configuration specified in httpd-ssl.conf also contains the paths to the .crt and .key files we generated earlier.

The configuration might look similar to the below.

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /Applications/MAMP/conf/apache/server.crt
    SSLCertificateKeyFile /Applications/MAMP/conf/apache/server.key
    DocumentRoot "/Users/MyUser/Desktop/websites/domain.local"
    ServerName domain.local:443
    ServerAlias www.domain.local:443
    DocumentRoot "/Users/MyUser/Desktop/websites/domain.local"
</VirtualHost>

Restart the servers within MAMP, and head to your domain using HTTPS and you should notice the SSL certificate is working correctly!