Technical Notes

Using a self-signed certificate on a MacBook Pro 2023

2024-03-20

Creating a certificate authority (CA)

From the terminal, enter the following commands:

cd ~/Documents/CertificatSSL
realpath
openssl req -x509 -nodes -new -sha256 -days 365 -newkey rsa:2048 -keyout "RootCA.key" -out "RootCA.pem" -subj "/C=CA/CN=localhost.local"
openssl x509 -outform pem -in "RootCA.pem" -out "RootCA.crt"

Defining the domains to include in the self-signed certificate

In the ~/Documents/CertificatSSL folder, create a text file named VHostsDomain.ext and add the following content:

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = macbp01.local
DNS.3 = macbp02.local

Creating a self-signed certificate

From the terminal, enter the following commands:

cd ~/Documents/CertificatSSL
realpath
openssl req -new -nodes -newkey rsa:2048 -keyout localhost.key -out localhost.csr -subj "/C=CA/ST=QC/L=Montreal/O=MacBookPro2023/CN=localhost.local"
openssl x509 -req -sha256 -days 365 -in localhost.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -extfile VHostsDomain.ext -out localhost.crt

Enabling the self-signed certificate in the Apache server

Copy the files included in the CertificatSSL folder to the /opt/homebrew/etc/httpd/cert subdirectory.

cd ~/Documents/CertificatSSL
realpath
mkdir -p /opt/homebrew/etc/httpd/cert
cp -r * /opt/homebrew/etc/httpd/cert
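
A check for the certificate files produced above, as an added example that is not part of the original notes: it rebuilds the CA and leaf in a scratch directory with the same openssl options, then tests the chain, the key pairing and which host names the subjectAltName covers. The function names and the scratch directory are assumptions. It also shows two things about the files as issued: localhost.local appears only in the CN, which current browsers ignore, and cp -r * places RootCA.key in the server directory as well.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names are assumptions.
# Rebuilds the CA and leaf in a scratch directory with the notes' openssl options.
make_test_pki() (   # subshell body: the cd does not leak to the caller
    cd "$1" || exit 1
    printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' 'basicConstraints=CA:FALSE' \
        'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
        'subjectAltName = @alt_names' '[alt_names]' 'DNS.1 = localhost' \
        'DNS.2 = macbp01.local' 'DNS.3 = macbp02.local' > VHostsDomain.ext
    openssl req -x509 -nodes -new -sha256 -days 365 -newkey rsa:2048 \
        -keyout RootCA.key -out RootCA.pem -subj "/C=CA/CN=localhost.local" 2>/dev/null &&
    openssl req -new -nodes -newkey rsa:2048 -keyout localhost.key -out localhost.csr \
        -subj "/C=CA/ST=QC/L=Montreal/O=MacBookPro2023/CN=localhost.local" 2>/dev/null &&
    openssl x509 -req -sha256 -days 365 -in localhost.csr -CA RootCA.pem \
        -CAkey RootCA.key -CAcreateserial -extfile VHostsDomain.ext \
        -out localhost.crt 2>/dev/null
)

# 0 if the leaf certificate ($2) chains to the CA certificate ($1).
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# 0 if the private key ($2) belongs to the certificate ($1): compare public keys.
key_matches() {
    pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$pub" = "$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)" ]
}

# 0 if host ($2) is a DNS entry in the subjectAltName of certificate ($1).
# Clients match on subjectAltName; a name present only in the CN is not accepted.
san_covers() {
    openssl x509 -in "$1" -noout -text | tr ',' '\n' |
        grep -qx "[[:space:]]*DNS:$2[[:space:]]*"
}

# 0 if the CA private key sits in directory $1. That key can sign certificates
# the machine will trust once RootCA.pem is imported, so keep it off the server.
ca_key_present() { [ -e "$1/RootCA.key" ]; }

report() {
    if chain_ok "$1/RootCA.pem" "$1/localhost.crt"; then echo "chain: ok"; else echo "chain: FAIL"; fi
    if key_matches "$1/localhost.crt" "$1/localhost.key"; then echo "key: ok"; else echo "key: MISMATCH"; fi
    for h in localhost macbp01.local macbp02.local localhost.local; do
        if san_covers "$1/localhost.crt" "$h"; then echo "SAN: $h"; else echo "SAN missing: $h"; fi
    done
    if ca_key_present "$1"; then echo "warning: RootCA.key present in $1"; fi
}

WORK=$(mktemp -d) && make_test_pki "$WORK" && report "$WORK"
```

To check the real files, call the functions with paths under /opt/homebrew/etc/httpd/cert instead of the scratch directory.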

Open the httpd.conf file.

nano /opt/homebrew/etc/httpd/httpd.conf

In the httpd.conf file, activate the following modules and the Include line for httpd-ssl.conf:

LoadModule socache_shmcb_module lib/httpd/modules/mod_socache_shmcb.so
LoadModule ssl_module lib/httpd/modules/mod_ssl.so
Include /opt/homebrew/etc/httpd/extra/httpd-ssl.conf

From the terminal, enter the following commands:

cd /opt/homebrew/etc/httpd/extra
realpath
cp httpd-ssl.conf httpd-ssl_bak.conf
nano httpd-ssl.conf

Edit the httpd-ssl.conf file as follows.

Search for:

Listen 8443

Replace with:

Listen 443

In the httpd-ssl.conf file, add the following virtual hosts:

Restart the Apache server:

apachectl configtest
sudo apachectl restart

Importing the certificate into Apple Keychains

From the terminal, enter the following command:

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /opt/homebrew/etc/httpd/cert/RootCA.pem

Procedure to access Apple Keychains

From the MacBook Pro 2023:

  • Click on Finder > Applications > Utilities > Keychain Access.
  • Click the Keychain Access button. The Keychain Access window appears.
  • In the right column, click the System section. The localhost.local certificate is listed.

Be careful with my technical notes

My technical notes are not tutorials. They are reminders of commands to be executed from a terminal. I do not provide any explanation of the nature of the commands described in my documents. Do not execute them if you don’t understand the meaning of the commands. To avoid losing data or destabilising your workstation, it is preferable to test the commands from a virtual machine, with snapshots.

The names of directories and IP addresses must match the configuration of your workstation and peripherals.

Ghislain Coutu

Graphic designer, programmer, multimedia integrator, technical writer.
