Update 11-12-2013: According to a commenter this process also works for OSX 10.9 Mavericks.
I recently upgraded to OSX Lion from Snow Leopard, and whilst setting up my development environment I needed to configure the built-in Apache server to support SSL. Below are instructions on what needed to be done. Please note that they are based on a clean install of OSX 10.7.2; if you did an upgrade or are running a different version of Lion, the instructions may need to be tweaked to suit your setup.
Generate a host key
First off we’ll make a home for the new SSL files. I used /private/etc/apache2/ssl. We need to change to the new directory and then run an ssh-keygen command to create the server key file. Open up a terminal window and enter the commands below. Please note that you shouldn’t set a pass phrase on the certificate; just leave this blank when it asks for a pass phrase.
    sudo mkdir /private/etc/apache2/ssl
    cd /private/etc/apache2/ssl
    sudo ssh-keygen -f server.key
Generate a certificate request file
This command creates a certificate request file. A certificate request file contains information about your organisation that will be used in the SSL certificate. You will be asked various questions; fill these in as appropriate or leave them blank.
    sudo openssl req -new -key server.key -out request.csr
Create the SSL certificate
Create a self-signed SSL certificate using the request file.
    sudo openssl x509 -req -days 365 -in request.csr -signkey server.key -out server.crt
Configure Apache
Create a backup of /private/etc/apache2/httpd.conf.
In /private/etc/apache2/httpd.conf, make sure the SSL module is enabled (remove the # from the start of the line):

    LoadModule ssl_module libexec/apache2/mod_ssl.so
In the same file, search for the line below and uncomment it (remove the #):

    Include /private/etc/apache2/extra/httpd-ssl.conf
Edit /private/etc/apache2/extra/httpd-ssl.conf, search for the lines that start with SSLCertificateFile and SSLCertificateKeyFile, and update them to match the below:

    SSLCertificateFile "/private/etc/apache2/ssl/server.crt"
    SSLCertificateKeyFile "/private/etc/apache2/ssl/server.key"
In the same file, comment out (add a # to the beginning of the line) the lines that start with SSLCACertificatePath and SSLCARevocationPath.
Configure the vhosts
In /private/etc/apache2/httpd.conf, search for the line below and uncomment it (remove the #):

    Include /private/etc/apache2/extra/httpd-vhosts.conf
Now open /private/etc/apache2/extra/httpd-vhosts.conf and add the line below under the port 80 NameVirtualHost directive:

    NameVirtualHost *:443
Now you can configure a basic SSL vhost by adding the code below to the end of the file. Please note that you should replace the DocumentRoot value with a real path.
    <VirtualHost *:443>
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /private/etc/apache2/ssl/server.crt
        SSLCertificateKeyFile /private/etc/apache2/ssl/server.key
        ServerName localhost
        DocumentRoot "/some/website/directory/"
    </VirtualHost>
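The SSLCipherSuite string in the vhost above starts from ALL and only reorders the LOW, SSLv2 and EXP groups to the end of the list, so those ciphers stay enabled. As an added example (not part of the original post), here is the same vhost with the protocol and cipher directives tightened; it assumes the bundled mod_ssl accepts SSLProtocol and SSLHonorCipherOrder, which Apache 2.2 does.

```apache
# Added example, not from the original post. Paths, ServerName and
# DocumentRoot are the ones used in the post's vhost.
<VirtualHost *:443>
    SSLEngine on

    # Setting from the post, kept commented out for comparison:
    # SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    # Refuse the SSLv2 and SSLv3 protocol versions; TLS stays available.
    SSLProtocol all -SSLv2 -SSLv3

    # Start from the HIGH group only and remove anonymous (aNULL),
    # unencrypted (eNULL), MD5-based and RC4 suites outright with "!".
    # To see what the string expands to on this machine, run:
    #   openssl ciphers -v 'HIGH:!aNULL:!eNULL:!MD5:!RC4'
    SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4

    # Use the server's cipher preference order rather than the client's.
    SSLHonorCipherOrder on

    SSLCertificateFile /private/etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /private/etc/apache2/ssl/server.key
    ServerName localhost
    DocumentRoot "/some/website/directory/"
</VirtualHost>
```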
Check the config and restart Apache
    sudo apachectl configtest
    sudo apachectl restart