Archive

Archive for the ‘mod_ssl’ Category

Configuring Secure Virtual Host on Mac OS X

May 23, 2010 Leave a comment

I had requirement to test my Flex Application, which I build for Raileasy in Secure environment.
It was quite difficult to configure my Mac, as I couldn’t find a good post/ Blog or any article on it.
I asked few of my friends, who are using Mac for their development work and only Andy Allan gave me few tips and links:

Following are the articles helped me to set-up my Mac:
1) Mark Liyanage – article on Configuring mod_ssl on Mac OS X

2) Generating an SSL Certificate with Apache+mod_ssl

Here are the steps I took to configure my Mac (which are based on above articles):
First Open a terminal window and type in these commands:

  • sudo -s
  • cd /etc/apache2
  • mkdir ssl
  • chmod 700 ssl
  • cd ssl
  • gzip -c –best /var/log/system.log > random.dat
    (This step will create a file with the name and zip the file, which we will use to generate key)
  • openssl rand -rand file:random.dat 0

I was looking for a certificate to put on my local machine (which is self signed certificate) and to get that, here are the steps I took:
Issue following command in the already opened terminal window (which should be all in one line):

Before run the command get following questions answers ready:
***********
* Country Name (2 letter code) [AU]:GB
* State or Province Name (full name) [Some-State]:London
* Locality Name (eg, city) []:London
* Organization Name (eg, company) [Internet Widgits Pty Ltd]:Dev Co.
* Organizational Unit Name (eg, section) []:Development
* Common Name (eg, YOUR name) []:www.yourlocal.com
* Email Address []:admin@yourlocal.com
(It’s important that you enter the host name of your web server exactly as it will be used later on in the “Common Name” field, like http://www.yourlocal.com or ssl.yourlocal.com.)
***********
COMMAND to run in terminal window:
openssl req -keyout privkey-2010.pem -newkey rsa:1024 -nodes -x509 -days 365 -out cert-2010.pem

Make sure that “TextEdit” is not running, then type these lines into the terminal window:

  • chmod 600 privkey-2001.pem
  • chown root privkey-2001.pem

On Mac Snow – Apache comes with default config file for SSL
Open following files in any text editor

/etc/apache2/httpd.conf (main config file for Apache)
/etc/apache2/httpd-ssl.conf

1) In ssl.config file look for
VirtualHost definition
You would see like this:

But above setting didn’t work for me, I had to change it to like this, and I don’t know the reason though, but it worked:

Change the DocumentRoot to the right root for your web site.
You might need to Add Directory access rights for the document root:

allow from all
Options +Indexes

Find the following and change them with right path and file name:
SSLCertificateFile “/etc/apache2/ssl/cert-2001.pem”
SSLCertificateFile “/etc/apache2/ssl/cert-2001.pem”

Save the file

You need to un-comment following line in httpd.conf file
#Include /private/etc/apache2/extra/httpd-ssl.conf

Save the file

from terminal window

run pwd command and make sure you are at
/etc/apache2/

run following commands:
apachectl stop
apachectl start
Now your server will provide secure access to your website.

The one thing I didn’t understand was, by doing tis, all of my local website turned into secure websites.

But I was able to test my website under secure environment.

Thanks to the writers of above articles.

🙂