How to get MAMP to work with SSL ... Yes really.

mamp.md

First of all you need to be able to run MAMP in port 80. This is a "heat check" if you don't have any process jamming http ports. You can check it like this:

sudo lsof | grep LISTEN

If you do happen to have any process with something like this *:http (LISTEN), you are in trouble. Before with adventure check if it isn't MAMP itself (yeah, you should close that beforehand)

ps <pid of that process>

If you don't see MAMP, you are in good hands, I have just the thing for you:

# I've forced the removal of the job
$ launchctl remove org.apache.httpd

# and load it again
$ launchctl load -w /System/Library/LaunchDaemons/org.apache.httpd.plist

# and unload it again
$ launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist

Now you should be able to use port 80 (and almost any other) in MAMP. Just go to MAMP > Preferences > Ports Tab and click the Set to default Apache and MySQL ports.

Now comes the easy part, you just have to follow what this guy wrote here. Well, that's copy that here just in case ...

1. Backup your /Applications/MAMP/conf/ dir.

2. Generate a (dummy) SSL Certificate

   $ cd ~
   
   # generate a private key (will request a password twice)
   $ openssl genrsa -des3 -out server.key 1024
    
   # generate certificate signing request (same password as above)
   $ openssl req -new -key server.key -out server.csr
    
   # Answer the questions
   Country Name (2 letter code) [AU]: CA
   State or Province Name (full name) [Some-State]: Quebec
   Locality Name (eg, city) []: Montreal
   Organization Name (eg, company) [Internet Widgits Pty Ltd]: Your Company
   Organizational Unit Name (eg, section) []: Development
   Common Name (eg, YOUR name) []: localhost
   Email Address []: [email protected]
   A challenge password []: # leave this empty
   An optional company name []: # leave this empty
    
   # generate the certificate
   $ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
    
   # remove the password from the server key
   $ cp server.key server.tmp
   $ openssl rsa -in server.tmp -out server.key
    
   # Move the certificate into your MAMP apache configuration folder
   $ cp server.crt /Applications/MAMP/conf/apache
   $ cp server.key /Applications/MAMP/conf/apache
   

3. Open /Applications/MAMP/conf/apache/httpd.conf and uncomment Include /Applications/MAMP/conf/apache/extra/httpd-ssl.conf.

4. Keep your vhost in /Applications/MAMP/conf/apache/extra/httpd-vhosts.conf just the same.

5. In /Applications/MAMP/conf/apache/extra/httpd-ssl.conf, find the following block and edit the fields Server Name and Document Root with the values you already have in your vhost.

   #   General setup for the virtual host
   DocumentRoot "/Applications/MAMP/Library/htdocs"
   ServerName www.example.com:443
   ServerAdmin [email protected]
   ErrorLog "/Applications/MAMP/Library/logs/error_log"
   TransferLog "/Applications/MAMP/Library/logs/access_log"
   and edit in your DocumentRoot and ServerName settings:
   

Happy secure MAMPing!

Meh, tried everything. Not working for me.

https://mijingo.com/blog/develop-ssl-sites-locally-with-mamp

Why not buy a MAMP Pro solution? 💃

I am currently running macOS 10.12.1 with a purchased version of MAMP Pro 4.1 and I am unable to get MAMP PRO running with an SSL so I tried your advice:
After checking to see if I have any processes running using: sudo lsof | grep LISTEN
I see that I am indeed "in trouble"
What steps should I take now? Thanks in advance.

Thanks for the tutorial. Works nicely for me.

MAMP Pro was easy to generate self-signed certs for each host. Except now Chrome v58 won't accept them them without subjectAltName being completed - Mamp seems to be generating certs with CommonName only which renders this Pro feature useless - having to make manual certs sigh.

I wondered what was going on there, thanks for the heads up @dhonions

How would I undo the changes stemming from the (dummy) SSL Certificate documented in your walkthrough? Ever since making these changes, I'm having issues navigating between http/https, even when MAMP isn't running.

This did not work for me. The encryption of the self-signed certificate wasn't strong enough and @dhonions mentioned, you need a subjectAltName. I figured out how to do this using a bunch of different sources. Here is my solution.

1. In the MAMP Preferences<Ports set Apache Port to 80
2. Run the following commands in the terminal:

$ openssl req -new -sha256 -key server.key -subj "/C=US/ST=CA/O=Acme, Inc./CN=example.com" -reqexts SAN -config <(cat /System/Library/OpenSSL/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:localhost")) -out server.csr
$ cp server.crt /Applications/MAMP/conf/apache
$ cp server.key /Applications/MAMP/conf/apache

3. Open /Applications/MAMP/conf/apache/httpd.conf and uncomment Include /Applications/MAMP/conf/apache/extra/httpd-ssl.conf. (Remove the number sign symbol at the beginning of that line)
4. Open /Applications/MAMP/conf/apache/extra/httpd-ssl.conf and replace everything within the <VirtualHost...> tags (it's a pretty big block of text) with the following code:

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /Applications/MAMP/conf/apache/server.crt
    SSLCertificateKeyFile /Applications/MAMP/conf/apache/server.key
</VirtualHost>

5. Hit Command (⌘) + Spacebar and type Keychain Access to open Keychain Access.
6. Click the lock and enter your password
7. Click System
8. Click File<Import Items
9. Browse to the server.crt file and import it.
10. You should see a localhost certificate appear. Right click it and select "Get Info". Then click "Trust" and set "When using this certificate" to "Always Trust."

Restart your browsers and open https://localhost. It should work.

For multiple local SSL vhosts/ServerNames:

In order for Apache to recognize different virual hosts over SSL you need to use NameVirtualHost and turn off "Strict SNI". Essentially, you need the following at the top of your httpd-ssl.conf file:

# Ensure that Apache listens on port 443
Listen 443
    
# Listen for virtual host requests on all IP addresses
NameVirtualHost *:443

# Go ahead and accept connections for these vhosts
# from non-SNI clients
SSLStrictSNIVHostCheck off

and then make sure each of your vhost nodes are declared with the following tag:

<VirtualHost *:443>

Note : The browser you're using also needs to support SNI.

All of this was taken from this page in the Apache docs:
https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

Worked perfectly!

@jfloff thank you for the solution! I did it and it didn't fully work, until I changed on macOS Keychain Access as per @n8jadams 's comment. Thank you both! For anyone stuck -> I did everything in the main gist, then after it didn't work I did everything in @n8jadams comment from Step #4

@n8jadams I followed your steps but in chrome I am still getting a not secure red coloured icon instead of the nice green have you any ideas?

The missing step is to remember to add an http 80 host to your root https://becomethesolution.com/blogs/mac/fix-mamp-and-http-to-https-traffic-redirects

You lost me with steps 4 and 5.

find the following block and edit the fields Server Name and Document Root with the values you already have in your vhost.

My /Applications/MAMP/conf/apache/extra/httpd-vhosts.conf file looks like this... Would I copy those two rows over as they appear below?

<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/Applications/MAMP/Library/docs/dummy-host.example.com"
ServerName dummy-host.example.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/dummy-host.example.com-error_log"
CustomLog "logs/dummy-host.example.com-access_log" common

<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/Applications/MAMP/Library/docs/dummy-host2.example.com"
ServerName dummy-host2.example.com
ErrorLog "logs/dummy-host2.example.com-error_log"
CustomLog "logs/dummy-host2.example.com-access_log" common

Thank you, worked perfectly and saved my butt!

Excellent! Thanks a million.

@dep I kept httpd.conf the same, changed httpd-ssl.conf's ServerName to localhost:443, and changed my httpd-ssl.conf's ServerAdmin to my work email address and I got SSL working. Then to get around a Chrome warning, I clicked Advanced, and then the option to proceed anyway.

Hi, for me it simply does not work, I continue to get the red light from Chrome (and from other apps and browsers).
I did everything, even steps as suggested by @ n8jadams but I still get "Subject Alternative Name missing" and "Certificate - missing", even if, when I click the "Not secure" red alert in the URL tab, it shows my certificate as "trusted for this account".
I'm on MACOSX 10.13.6, MAMP 5.1. Servers running and working in http://local on ports 80.
What to do to make it work in https? Can you suggest some verification steps?

@harunalikadic I have the same problem. Did you found a solution?

I am getting the cloudflare 522 error (timed out) when I access it through my domain name... but accessing it via the local ip works... accessing it through my public ip gives me "This site cant be reached" in Chrome

I am getting the cloudflare 522 error (timed out) when I access it through my domain name... but accessing it via the local ip works... accessing it through my public ip gives me "This site cant be reached" in Chrome

http works fine

Thanks, @n8jadams and @madebycaliper — Your powers combined helped me achieve https for localhost domains. I salute you two. 🎉 👍

@kevnk 🙌 glad this info continues to help!

@kevnk 👍 I salute you in response. 🙂 If there are any details, I'd be happy to edit my comment to make it more up to date.

I tried various solutions posted in this thread and had no joy (a long and frustrating process!). In the end this set of instructions worked for me, so maybe this will help someone:

https://stackoverflow.com/questions/44585919/self-signed-ssl-certificates-not-working-with-mamp-and-chrome

(copy/pasted in case it ever vanishes)

Chrome now requires SSL certificates to use the "Subject Alt Name" (SAN) rather than the old Common Name. This breaks self-signed certs previously generated by MAMP.

Fortunately, the workaround is pretty straightforward.

Here are all the steps from the very first moment of setting a host to be SSL in MAMP Pro. If you previously created SSL certificates in MAMP, then I've found that deleting them and starting again using this method works.

1. Create your hostname, eg. test.dev and select your document root

2. Click the SSL tab, and check the "SSL" box. Make sure you leave the other checkbox "Only allow connections using TLS protocols" unchecked.

Screenshot showing SSL panel in MAMP Pro

3. Click the "Create self signed certificate" button and fill in the popup form with the relevant details. Click "Generate" and save the certificate wherever you like. I just save mine in Documents > certificates

Screenshot of SSL certificate creation popup form in MAMP Pro

4. Save your changes in MAMP, and restart the servers.
5. Click the round arrow button beside "Certificate file" in the MAMP SSL panel (Show in Finder). Double click the .crt file that is highlighted - it should be named like your host, eg. if your host is test.dev then your certificate file will be test.dev.crt. This should open Keychain Access and you should see the new certificate in there.
6. Right click / Control click on the certificate, and choose "Get Info". Click the drop-down triangle beside "Trust"

Screenshot of Mac Keychain Access for certificate

7. From the "When using this certificate" selector, choose "Always Trust" - every selector should change to show "Always Trust". Close that window. It will ask for your Mac OS system password to make that change. You should see that the certificate icon shows a little blue plus sign icon over it, marking it as trusted.

enter image description here

8. Restart Chrome.
9. Visit your new hostname, and enjoy the green https in the browser bar.

Screenshot of https working in Chrome

I have done full option like your introduction but still only access to http://localhost. When I access to https://localhost.com, it will show like this: https://prnt.sc/r7vs5h. I hope someone here can help me resolve it.
Thanks

If anyone is interested, I put some work into Dockerizing a LAMP/PHP dev environment with https, and automating the cert generation in a bash script. It should serve nicely as a lightweight replacement to MAMP. Here's the repo. It's working with Mac and I'm open to PRs for other operating systems.

For anyone interested in making local certificates I like to use mkCert.

It doesn't work for me ... 😣

To use subjectAltName [SAN] in your certificate (needed by Chrome), you can generate you key and certificate like this : https://www.lopau.com/how-to-generate-a-self-signed-ssl-certificate-with-san/