Creating a self-signed SSL cert for Mac OSx Mountain Lion & Apache

Generate a host key

First, make a home for the new SSL files. I use /etc/apache2/ssl. Open up a terminal window, cd to the new directory and issue the following command to create a host key file.

sudo ssh-keygen -f host.key 

Generate a certificate request file

This command create a certificate request file. A certificate request file contains information about your organization that will be used in the SSL certificate.

sudo openssl req -new -key host.key -out request.csr 

Create the SSL certificate

Create a self signed SSL certificate using the request file.

sudo openssl x509 -req -days 365 -in request.csr -signkey host.key -out server.crt 

Create a ‘nopass’ key

You need to create a ‘nopass’ key otherwise Apache will throw SSL errors that it can’t retrieve a passphrase from the host.

openssl rsa -in host.key -out host.nopass.key

Configure Apache

Create a backup of /etc/apache2/httpd.conf.

Append the contents of /etc/apache2/extra/httpd-ssl.conf to /etc/apache2/httpd.conf.

In /etc/apache2/httpd.conf, make sure the loading of SSL is enabled (remove the #)

LoadModule ssl_module libexec/apache2/ 

Also, edit SSL section (or in the /apache2/extra/httpd-ssl.conf file) to use the new certificate.

SSLEngine on 
SSLCertificateFile "/etc/apache2/ssl/server.crt"
SSLCertificateKeyFile "/etc/apache2/ssl/host.nopass.key"

Check the config and restart Apache to try the new certificate.

sudo apachectl configtest 
sudo apachectl restart 

2 Replies to “Creating a self-signed SSL cert for Mac OSx Mountain Lion & Apache”

Leave a Reply