user3495847

How do I fix my SSL configuration for local development with Apache?

I'm new to Apache servers and I'm setting up Apache on my Mac (Mojave) to do some local web development. I have my virtual host set up and I can navigate to the site test page I set up, but I get a warning that the connection is not secure. I've gone through several tutorials and have made changes to httpd.config and httpd-ssl.config.

I suspect the issue might also have something to do with the SSL certificate I am generating myself.

Error Log:

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using Michaels-MacBook-Pro.local. Set the 'ServerName' directive globally to suppress this message
[Wed Nov 27 16:05:39.392449 2019] [ssl:warn] [pid 9207] AH01906: membersplash.mmdev:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Nov 27 16:05:39.392512 2019] [ssl:warn] [pid 9207] AH01909: membersplash.mmdev:443:0 server certificate does NOT include an ID which matches the server name
[Wed Nov 27 16:05:39.394733 2019] [mpm_prefork:notice] [pid 9207] AH00163: Apache/2.4.34 (Unix) PHP/7.1.23 LibreSSL/2.5.5 configured -- resuming normal operations
[Wed Nov 27 16:05:39.394797 2019] [core:notice] [pid 9207] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

Httpd.config

<VirtualHost *:443>
 SSLEngine on
 SSLProtocol all -SSLv2
 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
 DocumentRoot /Users/USERNAME/Sites/WordPress/public/install/wordpress
 ServerName membersplash.mmdev
 ServerAlias www.membersplash.mmdev
 SSLCertificateFile "/etc/apache2/ssl/rootCA.pem"
 SSLCertificateKeyFile "/etc/apache2/ssl/rootCA-key.pem"
</VirtualHost>

<VirtualHost *:80>
 DocumentRoot /Users/USERNAME/Sites/WordPress/public/install/wordpress
 ServerName membersplash.mmdev
 ServerAlias www.membersplash.mmdev
</VirtualHost>

Upvotes: 0

Views: 2750

Answers (1)

Ben Lewis Watson

Reputation: 168

You can just click Advanced and then proceed to the site in Chrome; however, the security warning will not go away. This is something to do with the certificate being signed by a non-trusted authority (you).

You can get round it by doing a whole load of steps with Keychain and browser settings updates; however, there is a better way.

Check out this really cool tool called mkcert: https://blog.filippo.io/mkcert-valid-https-certificates-for-localhost/

Their explanation of how they get round the issue:

Here's the twist: it doesn't generate self-signed certificates, but certificates signed by your own private CA, which your machine is automatically configured to trust when you run mkcert -install. So when your browser loads a certificate generated by your instance of mkcert, it will show up with a green lock!

If you want to do it the manual way this article looks like it might help: https://www.robpeck.com/2010/10/google-chrome-mac-os-x-and-self-signed-ssl-certificates/

Upvotes: 0
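
The two warnings in the question's error log (AH01906 and AH01909) can be reproduced outside Apache by inspecting the certificate file directly. The script below is an added example, not code from the post or from mkcert: it assumes `openssl` is on the PATH, and the function names, the throwaway CA and the `leaf.pem` file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example; every name, path and certificate here is constructed.

# Print one line per problem for certificate file $1 served as hostname $2.
# Simplification: exact subjectAltName DNS match only (no CN, no wildcards).
cert_problems() {
    text=$(openssl x509 -in "$1" -noout -text) || return 2
    if printf '%s\n' "$text" | grep -q 'CA:TRUE'; then
        echo "AH01906: certificate is a CA certificate"
    fi
    if ! printf '%s\n' "$text" | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -Fqx "DNS:$2"; then
        echo "AH01909: no subjectAltName entry matches $2"
    fi
}

# Build a throwaway root CA and a leaf certificate signed by it in directory $1.
make_demo_certs() {
    d=$1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ext' \
        'prompt=no' '[dn]' 'CN=demo root CA' '[ext]' \
        'basicConstraints=critical,CA:TRUE' > "$d/ca.cnf"
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' \
        'CN=membersplash.mmdev' '[ext]' 'basicConstraints=CA:FALSE' \
        'subjectAltName=DNS:membersplash.mmdev,DNS:www.membersplash.mmdev' \
        > "$d/leaf.cnf"
    # Root CA: the kind of file the question's SSLCertificateFile points at.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
        -keyout "$d/rootCA-key.pem" -out "$d/rootCA.pem" 2>/dev/null
    # Leaf: key + CSR, then signed by the root with SAN entries for the vhost.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/leaf.cnf" \
        -keyout "$d/leaf-key.pem" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -days 1 -CA "$d/rootCA.pem" \
        -CAkey "$d/rootCA-key.pem" -CAcreateserial \
        -extfile "$d/leaf.cnf" -extensions ext -out "$d/leaf.pem" 2>/dev/null
}

# Show both certificates checked against the vhost's ServerName.
demo() {
    d=$(mktemp -d) && make_demo_certs "$d" || return 1
    echo "rootCA.pem:"; cert_problems "$d/rootCA.pem" membersplash.mmdev
    echo "leaf.pem:";   cert_problems "$d/leaf.pem" membersplash.mmdev
    rm -rf "$d"
}
demo
```

In the question's vhost, `SSLCertificateFile` and `SSLCertificateKeyFile` would point at a leaf certificate and its key issued for both hostnames (for example by mkcert) rather than at `rootCA.pem` and `rootCA-key.pem`; the root CA is what gets added to the machine's trust store, and its private key stays off the web server.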
