This is a re-post of a blog entry from Rocketwerx

You would think this would be really easy, but it turns out that there’s no clear documentation on how to get MAMP Pro to work with SSL. Here are the steps I went through that allowed me to get this working and even automatically enabled via the MAMP Pro GUI.

Setting it all up

First things first: you have to tell MAMP Pro that you want the SSL configuration to start up when you start the servers. For this you have to use a little trick my buddy David Lewis told me about. In the GUI, under the Servers tab, hold down Option when you click the Apache tab. This displays a hidden checkbox called SSL. Enable this checkbox and it will trigger the SSL “If” blocks in the Apache config.

Enable SSL in MAMP Pro GUI

Next, you need to switch your MAMP to use the regular HTTP port. By default the port under Server / General is set to 8888. This needs to be a port under 1024, e.g. 80, for MAMP to run under a privileged account so the default SSL port of 443 can properly bind. Once you have these GUI changes made, it’s time to get down and dirty in the terminal.

Fire up your terminal of choice; mine is still iTerm even though the Terminal in Leopard is much improved. Now you will need to navigate to MAMP’s Apache configuration directory and make a couple of directories for your SSL certificate and key:

$ cd /Applications/MAMP/conf/apache
$ mkdir ssl_crt
$ mkdir ssl_key

Now you’re going to have to create a temporary testing SSL certificate:

$ openssl req -new -x509 -keyout /Applications/MAMP/conf/apache/ssl_key/server.key -out /Applications/MAMP/conf/apache/ssl_crt/server.crt -subj '/CN=Test-Only Certificate'

My openssl configuration required me to put in a passphrase during this process, but I didn’t want to have to enter that manually from the terminal every time, so I removed the passphrase with this command:

$ cd /Applications/MAMP/conf/apache/ssl_key
$ openssl rsa -in server.key -out server.key

The existing MAMP ssl.conf file already points to these files, so we are all good there. The last step I had to do was to update my SSL DocumentRoot to point to the site I was testing with SSL. To do that, just open up the ssl.conf file:

$ vi /Applications/MAMP/conf/apache/ssl.conf

And then you edit the DocumentRoot path to point to the location of your site.

That should be it! Just stop and start your servers in the MAMP Pro GUI, and you should be prompted for a username/password. Enter the details for a privileged account and your server should start up with both HTTP and HTTPS enabled. Then point your browser to your local MAMP install, https://localhost, and you should see the default page from your SSL DocumentRoot.
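A quick way to check the result of the steps above before restarting the servers. This is an added example, not part of the original post: the function names check_ssl_pair and make_test_pair are made up for illustration, and the demo runs on a throwaway pair in a temp directory rather than on the MAMP files.

```sh
#!/bin/sh
# Added example: check a certificate/key pair before restarting Apache.
# On this page's layout the arguments would be
#   /Applications/MAMP/conf/apache/ssl_crt/server.crt
#   /Applications/MAMP/conf/apache/ssl_key/server.key

# make_test_pair DIR: write a throwaway unencrypted key and self-signed
# certificate into DIR (constructed sample data for the demo below).
make_test_pair() {
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 30 \
        -subj '/CN=Test-Only Certificate' \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# check_ssl_pair CERT KEY: print findings, return 0 only if all checks pass.
check_ssl_pair() {
    cert=$1; key=$2; rc=0

    # 1. A key that still has a passphrase makes Apache ask for it at
    #    startup. Both PEM encodings carry the word ENCRYPTED in that case.
    if grep -q ENCRYPTED "$key"; then
        echo "FAIL: key is still passphrase-protected"
        return 1
    fi

    # 2. Without a passphrase, file permissions are the only protection:
    #    group and other must have no access (mode 600 or 400).
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: key is accessible to group/other; run: chmod 600 $key"
        rc=1
    fi

    # 3. The certificate must contain the public half of this key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: certificate and key do not match"
        rc=1
    fi

    # 4. Show the expiry date; "openssl req -x509" without -days gives 30 days.
    [ "$rc" -eq 0 ] && echo "OK: $(openssl x509 -in "$cert" -noout -enddate)"
    return "$rc"
}

# Demo on a throwaway pair in a temp directory.
tmp=$(mktemp -d) && make_test_pair "$tmp" && chmod 600 "$tmp/server.key"
check_ssl_pair "$tmp/server.crt" "$tmp/server.key"
rm -rf "$tmp"
```

Because the passphrase was removed, the permission check in step 2 is the one to watch on a shared machine.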

Possible Issues

The most common problem you are going to have with this procedure is the Apache server not starting when you click the start button in the MAMP Pro GUI. There are several reasons this could happen, but the most likely is that you already have something else running that is listening on either port 80 or port 443. If you open up the Console from your Applications / Utilities folder and look in the Console Messages window, you should get a summary of what happened when MAMP tried to start up. An existing application already using a port typically shows up with something along the lines of:

8/11/08 11:18:12 AM [0x0-0x23023].de.living-e.mamppro[177] (48)Address already in use: make_sock: could not bind to address  [::]:80

First you should make sure you don’t have Web Sharing enabled in your System Preferences. This enables Leopard’s built-in Apache, which runs on port 80 by default. If you already have that disabled, you can track down the application using this port by typing the following command in the terminal:

$ sudo lsof -i :80

The port usages will be displayed, and you want to look for the COMMAND that is set to LISTEN on port 80:

COMMAND    PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
FileSyncA  569 rhuk   10u  IPv4 0x1a711270      0t0  TCP 10.0.1.199:50076->idisk.mac.com:http (CLOSED)
Safari     710 rhuk    6u  IPv4 0x18a6066c      0t0  TCP 10.0.1.199:50239->myskitch.com:http (CLOSE_WAIT)
httpd     1223 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1225 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1226 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1227 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1228 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1271 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1272 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1274 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1275 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1276 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1277 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
PubSubAge 1350 rhuk    8u  IPv4 0x18a61e64      0t0  TCP 10.0.1.199:50171->idisk.mac.com:http (CLOSE_WAIT)

In this example the process called httpd is listening on this port already.


UPDATE:

Also, if you are using MAMP, it appears some ROOT CERTIFICATES are not available, causing CURL+PHP+SSL to not work.

Generate your own crt:

  1. Download: http://www.gknw.net/php/phpscripts/mk-ca-bundle.phps to c:\
  2. Open cmd and run: c:>php mk-ca-bundle.php
  3. Output should read: Downloading ‘certdata.txt’ …Done (140 CA certs processed).
  4. This file should be created: c:\ca-bundle.crt
  5. Move c:\ca-bundle.crt to php-sdk\src
  6. In example.php, after instantiating the Facebook object,
     add Facebook::$CURL_OPTS[CURLOPT_CAINFO] = 'path\to\php-sdk\src\ca-bundle.crt';