There are occasions where certain pieces of development work require an SSL connection on your local environment in order to test the code. Examples of this might be testing payment integrations with a specific payment provider. This is where you’ll need to set up a self-signed certificate in MAMP. Here is how you do so on a Mac.
This is easily done within the PRO version, however the free version of MAMP requires a few steps to set up an SSL connection.
First of all, You’ll need to generate a private key, CSR (Certificate Signing Request) and a certificate file using the following commands.
When generating the private key, you’ll be asked to create a passphrase. Make a note of it as this will be needed for when generating the CSR.
# Generate a private key
$ openssl genrsa -des3 -out server.key 2048
When generating the CSR, you can use the example information below to help create it. Please note that the Common Name
value should match the name of the domain name you’re using for your local environment. So if your local domain is called domain.local
, then use that as the Common Name
# Generate a CSR
$ openssl req -new -key server.key -out server.csr
# When prompted for the password, use the one from the private key
# Answer the questions, use "localhost" for your Common Name
Country Name: US
State Name: California
Locality: My City
Organization: My Company
Organization Unit Name: # leave blank
Common Name: domain.local
Email address: email@example.com
A challenge password: # leave blank
An optional company name: # leave blank
Now you’ll be able to generate the certificate.
$ openssl x509 -req -days 1825 -in server.csr -signkey server.key -out server.crt -sha256 -extfile v3.ext
Before running the above command, the extra parameter, -sha256 -extfile v3.ext
is used to supply the Google Chrome browser the SubjectAltName
field required in Chrome version 58 and higher (for more information, see this link: https://textslashplain.com/2017/03/10/chrome-deprecates-subject-cn-matching/).
With that said, create a v3.ext
file within the same directory as the private key and CSR.
Add the following contents within the file:
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = domain.local
Once again note that the DNS.1
alt_name value should match the Common Name used when generating the CSR.
Save the file and run the command above to generate a certificate file.
Lastly, remove the password requirement from the private key.
$ cp server.key server.tmp
$ openssl rsa -in server.tmp -out server.key
Now we need to copy over the .crt
and .key
files into a MAMP-related directory, so place both of those files within /Applications/MAMP/conf/apache
.
Now, open up the Keychain Access
application on your Mac and drag your certificate .crt
file into the Certificates
category within Keychain Access.
You should see your certificate (named after your Common Name) within the list of certificates. Right click the certificate, and click on Get Info
.
Change the When using this certificate
dropdown from Use System Defaults
to Always Trust
and close the window.
This will get the browsers to ‘trust’ the self-signed certificate and prevent an insecure page warning from appearing.
Now, within MAMP’s httpd.conf
file, located within /Applications/MAMP/conf/apache
, locate the Secure (SSL/TLS) Connections
line and uncomment the line below it by removing the hash (#).
# Change the below line
#Include /Applications/MAMP/conf/apache/extra/httpd-ssl.conf
# To this
Include /Applications/MAMP/conf/apache/extra/httpd-ssl.conf
Within the httpd-ssl.conf
, located in the directory specified above, add in the <VirtualHost>
configuration similary to how you have set up your domain within the httpd-vhosts.conf
file.
Note that the configuration specified in httpd-ssl.conf
also contains the paths to the .crt
and .key
files we generated earlier.
The configuration might look similar to the below.
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /Applications/MAMP/conf/apache/server.crt
SSLCertificateKeyFile /Applications/MAMP/conf/apache/server.key
DocumentRoot "/Users/MyUser/Desktop/websites/domain.local"
ServerName domain.local:443
ServerAlias www.domain.local:443
DocumentRoot "/Users/MyUser/Desktop/websites/domain.local"
</VirtualHost>
Restart the servers within MAMP, and head to your domain using HTTPS and you should notice the SSL certificate is working correctly!