Getting SSL to work with MAMP Pro

This is a re-post of a blog entry from Rocketwerx

You would think this would be really easy, but it turns out that there’s no clear documentation on how to get MAMP Pro to work with SSL. Here are the steps I went through that allowed me to get this working and even automatically enabled via the MAMP Pro GUI.

Setting it all up

First things first, you have to tell MAMP Pro that you want the SSL configuration to start up when you start the servers. For this you have to use a little trick my buddy David Lewis told me about. In the GUI, under the Servers tab, hold down Option when you click the Apache tab. This will display a hidden checkbox called SSL. Enable this checkbox and it will trigger the SSL “If” blocks in the Apache config.

Enable SSL in MAMP Pro GUI

Next, you need to switch your MAMP to use the regular HTTP port. By default, the port under Server / General is set to 8888. This needs to be a port under 1024, e.g. 80, for MAMP to run under a privileged account so the default SSL port of 443 can properly bind. Once you have these GUI changes made, it’s time to get down and dirty in the terminal.

Fire up your terminal of choice; mine is still iTerm, even though the Terminal in Leopard is much improved. Now you will need to navigate to MAMP’s Apache configuration directory and make a couple of directories for your SSL certificate and key:

$ cd /Applications/MAMP/conf/apache
$ mkdir ssl_crt
$ mkdir ssl_key

Now you’re going to have to create a temporary testing SSL certificate:

$ openssl req -new -x509 -keyout /Applications/MAMP/conf/apache/ssl_key/server.key -out /Applications/MAMP/conf/apache/ssl_crt/server.crt -subj '/CN=Test-Only Certificate'

My openssl configuration required me to put in a passphrase during this process, but I didn’t want to have to enter that manually from the terminal every time, so I removed the passphrase with this command:

$ cd /Applications/MAMP/conf/apache/ssl_key
$ openssl rsa -in server.key -out server.key
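
An added example (not from the original post): the same test certificate created in one step with -nodes, so no passphrase is ever set, with the key readable only by its owner and a check that the certificate and key belong together. The function names, the 2048-bit key size and the 30-day lifetime are assumptions of this example; pass /Applications/MAMP/conf/apache as the directory to use the layout above.

```bash
#!/bin/bash
# Added example: create a passphrase-less test key and self-signed certificate
# under <dir>/ssl_key and <dir>/ssl_crt, then verify that they match.
# make_test_cert, key_mode, cert_subject and the 30-day lifetime are assumptions.
# Usage: make_test_cert /Applications/MAMP/conf/apache

make_test_cert() {
    local base="$1"
    local key="$base/ssl_key/server.key"
    local crt="$base/ssl_crt/server.crt"

    mkdir -p "$base/ssl_key" "$base/ssl_crt" || return 1
    chmod 700 "$base/ssl_key" || return 1

    # umask 077 in a subshell: the key is created with mode 600 and the
    # caller's umask is left untouched. -nodes writes the key unencrypted,
    # which replaces the separate "openssl rsa" passphrase-stripping step.
    (
        umask 077
        openssl req -new -x509 -nodes -newkey rsa:2048 -days 30 \
            -keyout "$key" -out "$crt" \
            -subj '/CN=Test-Only Certificate' 2>/dev/null
    ) || return 1
    chmod 644 "$crt"

    # Certificate and key belong together when their public keys hash the same.
    local crt_pub key_pub
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey | openssl dgst -sha256) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout | openssl dgst -sha256) || return 1
    [ "$crt_pub" = "$key_pub" ]
}

# Mode string of the key file, e.g. "-rw-------" (works with BSD and GNU ls).
key_mode() {
    ls -l "$1/ssl_key/server.key" | cut -c1-10
}

# Subject line of the generated certificate.
cert_subject() {
    openssl x509 -in "$1/ssl_crt/server.crt" -noout -subject
}
```

With no passphrase, file permissions are the only protection the key has, which is why the example restricts both the key file and its directory.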

The existing MAMP ssl.conf file already points to these files, so we are all good there. The last step I had to do was to update my SSL DocumentRoot to point to the site I was testing with SSL. To do that, just open up the ssl.conf file:

$ vi /Applications/MAMP/conf/apache/ssl.conf

Then edit the DocumentRoot path to point to the location of your site.

That should be it! Just stop and start your servers in the MAMP Pro GUI, and you should be prompted for a username/password. Enter the credentials for a privileged account and your server should start up with both HTTP and HTTPS enabled. Then point your browser to your local MAMP install, https://localhost, and you should see the default page from your SSL DocumentRoot. Because the certificate is self-signed, the browser will show a certificate warning first.

Possible Issues

The most common problem you are going to have with this procedure is the Apache server not starting when you click the start button in the MAMP Pro GUI. There are several reasons this could happen, but the most likely is that something else is already listening on either port 80 or port 443. If you open up the Console from your Applications / Utilities folder and look in the Console Messages window, you should get a summary of what happened when MAMP tried to start up. An existing application already using a port typically shows up with something along the lines of:

8/11/08 11:18:12 AM [0x0-0x23023].de.living-e.mamppro[177] (48)Address already in use: make_sock: could not bind to address  [::]:80

First you should make sure you don’t have Web Sharing enabled in your System Preferences. This enables Leopard’s built-in Apache, which runs on port 80 by default. If you already have that disabled, you can track down the application using this port by typing the following command in the terminal:

$ sudo lsof -i :80

The port usages will be displayed, and you want to look for the COMMAND that is set to LISTEN on port 80:

COMMAND    PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
FileSyncA  569 rhuk   10u  IPv4 0x1a711270      0t0  TCP 10.0.1.199:50076->idisk.mac.com:http (CLOSED)
Safari     710 rhuk    6u  IPv4 0x18a6066c      0t0  TCP 10.0.1.199:50239->myskitch.com:http (CLOSE_WAIT)
httpd     1223 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1225 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1226 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1227 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1228 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1271 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1272 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1274 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1275 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1276 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1277 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
PubSubAge 1350 rhuk    8u  IPv4 0x18a61e64      0t0  TCP 10.0.1.199:50171->idisk.mac.com:http (CLOSE_WAIT)

In this example the process called httpd is listening on this port already.
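
An added example (not from the original post) that reduces lsof output like the listing above to the processes actually holding the port, since rows in CLOSED or CLOSE_WAIT state are outbound client connections and do not stop Apache from binding. The function names are made up for this example, and the sample rows are a constructed, shortened copy of the listing.

```bash
#!/bin/bash
# Added example: summarise `lsof -i :PORT` output as one line per listening
# command: "COMMAND <number of processes> <pid,pid,...>".
# listeners_on_port and sample_lsof are names made up for this example.

listeners_on_port() {
    # Reads lsof output on stdin and keeps only rows whose state is (LISTEN).
    awk '
        NR == 1 && $1 == "COMMAND" { next }      # skip the header row
        $NF == "(LISTEN)" {
            if ($1 in pids) {
                pids[$1] = pids[$1] "," $2       # another process, same command
            } else {
                pids[$1] = $2
                order[++n] = $1                  # remember first-seen order
            }
            count[$1]++
        }
        END {
            for (i = 1; i <= n; i++)
                print order[i], count[order[i]], pids[order[i]]
        }
    '
}

# Constructed sample input, shortened from the listing above.
sample_lsof() {
    cat <<'EOF'
COMMAND    PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
FileSyncA  569 rhuk   10u  IPv4 0x1a711270      0t0  TCP 10.0.1.199:50076->idisk.mac.com:http (CLOSED)
Safari     710 rhuk    6u  IPv4 0x18a6066c      0t0  TCP 10.0.1.199:50239->myskitch.com:http (CLOSE_WAIT)
httpd     1223 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1225 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
httpd     1226 rhuk    3u  IPv6 0x1622fd90      0t0  TCP *:http (LISTEN)
EOF
}

# On a live system: sudo lsof -i :80 | listeners_on_port
sample_lsof | listeners_on_port
```

lsof can also do the state filtering itself: `sudo lsof -nP -iTCP:80 -sTCP:LISTEN` lists only listening sockets, with numeric addresses and ports.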


UPDATE:

Also, if you are using MAMP, it appears some ROOT CERTIFICATES are not available, causing CURL+PHP+SSL to not work.

Generate your own crt:

  1. Download http://www.gknw.net/php/phpscripts/mk-ca-bundle.phps to c:\
  2. Open cmd and run: c:\>php mk-ca-bundle.php
  3. Output should read: Downloading 'certdata.txt' …Done (140 CA certs processed).
  4. This file should be created: c:\ca-bundle.crt
  5. Move c:\ca-bundle.crt to php-sdk\src
  6. In example.php, after instantiating the Facebook object,
    add Facebook::$CURL_OPTS[CURLOPT_CAINFO] = 'path\to\php-sdk\src\ca-bundle.crt';

Awesome! Got OSX 10.6.2 (snow leopard) to go to sleep on Dell Inspiron 1520

I finally got sleep to work on OSX 10.6.2 on my Dell Inspiron 1520.
So happy, now my productivity is that much better.  Don’t have to close all my applications and shutdown the computer.
Can just pause in middle of working on something and pick up where I left off.
The problem was all due to hardware on the USB ports that kept waking the laptop from sleep.  The USB UHCI/EHCI drivers were probably connected to USB BlueTooth or USB camera.
Follow the instructions here to fix USB UHCI/EHCI controller settings.  This requires you to set/modify your DSDT.AML file properly.
http://apocolipse.com/?p=14
Quartz/CI is working using NVResman & NVInject64. Quartz/CI is needed to make sure DVD Player and/or VLC will play video properly.

Get Sound to work on Fedora 12 Dell Mini 9

Sound doesn’t work correctly by default on Fedora 12 install.

Basically, make sure that

  1. blacklist.conf has the blacklist snd-pcsp line enabled (this is needed to disable the default “auto-detected” sound driver).
  2. From various sources online, add the correct reference to the “sound driver”

Edit /etc/modprobe.d/* to add options snd-hda-intel index=0 model=dell, then it did. Not sure why auto mode doesn’t work.

I added it to my LOCAL.CONF file.
Also, make sure PULSEAUDIO is installed to get access to the SOUND VOLUME CONTROL.

Some references where I found this info.

http://blogs.gnome.org/johncarr/2008/09/17/dell-inspiron-mini-9-first-thoughts/
http://forums.fedoraforum.org/showthread.php?t=206491


Virtual Screen / Display on Fedora 12 Dell Mini 9

After some websurfing, finally found how to change my Dell Mini 9 resolution.

The normal 1024×600 screen resolution is hard to do much development work on.

With Fedora 12, editing the XORG.CONF file does not seem to work.  Instead, you have to use XRANDR.

In my case, use

xrandr --fb 1600x1000 --output LVDS1 --panning 1600x1000 --scale 1x1

Voila!  Mouse will allow me to pan & move around my larger virtual screen size.

If you want your display to be configured when you “login” to Fedora, add the above line into your ~/.bash_profile or ~/.bashrc configuration file.
This file is run at user login.


Installing Fedora 12 on my Dell Mini 9

For those that don’t know, Dell has a mini netbook that I picked up for $300.
Nice and compact.

Only problem is Fedora Linux does not work well with its included BCM wireless card.
Since I had a spare wireless card IWL4965 (from my Dell Inspiron 1520 laptop), I went ahead and popped that in.

And now, voila! I have Fedora 12 running with wireless card access.

http://episteme.arstechnica.com/eve/forums/a/tpc/f/96509133/m/559001567931


Starting to develop iPhone apps

Building iPhone apps is no small feat.  You have to be a good C/C++ programmer, you have to learn the Objective-C programming method, then learn the Cocoa frameworks.

But it’s great that a lot of people have created sample code and examples that showcase functionality.


Hello world!

Finally got my blog restarted.  Lots to share, just haven’t had the time to write.

Updates coming soon!


Opposing Attributes of Social Data

Last year Andreas Weigend taught Stats 252 at Stanford and shared the following list of opposing characteristics of data communication:

Structured vs. Unstructured
Symmetric vs. Asymmetric
Relevance vs. Chronological
Synchronous vs. Asynchronous
Searchable vs. Not Searchable
Private vs. Public
Broad vs. Narrow
One-time vs. Ongoing
Spontaneous vs. Planned
Short-term Identity vs. Persistent Identity
Push vs. Pull

It’s always interesting to see the different startup companies focusing on different aspects of data.

There’s more to this list, so make a comment and add to this list.


Google Profiles & Future of User ID

Get a Vanity URL for your Google Profile Now

Read the article about Google’s vanity pages. Why do you think Google is doing this?
Imagine, through the signup process, they ask you to fill out personal information about your hobbies, interests, hometown, etc. Doesn’t that sound a lot like a Facebook profile?
Imagine the applications. Often people sign into Google b/c they’re checking email or doing a Google Search. This means Google can better target ads to you when you’re doing either of those actions.
Also, note they are asking you to “hook up” your other Google services that you use (like Picasa or YouTube). It’s like asking you to let them identify you when you are logged in at those places too. Then they can again push you more “relevant” material (i.e. ads).

Ever wonder what is wrong with US management?

Someone sent this to me recently, and of all the jokes on Jokes of 2008, the following seems most interesting about US management.

General Motors versus Toyota

A Japanese company (Toyota) and an American company (General Motors) decided to have a canoe race on the Missouri River. Both teams practiced long and hard to reach their peak performance before the race.

On the big day, the Japanese won by a mile. The Americans, very discouraged and depressed, decided to investigate the reason for the crushing defeat. A management team made up of senior management was formed to investigate and recommend appropriate action. Their conclusion was the Japanese had 8 people rowing and 1 person steering, while the American team had 8 people steering and 1 person rowing.

Feeling a deeper study was in order, American management hired a consulting company and paid them a large amount of money for a second opinion. They advised, of course, that too many people were steering the boat, while not enough people were rowing.

Not sure of how to utilize that information, but wanting to prevent another loss to the Japanese, the rowing team’s management structure was totally reorganized to 4 steering supervisors, 3 area steering superintendents and 1 assistant superintendent steering manager. They also implemented a new performance system that would give the 1 person rowing the boat greater incentive to work harder. It was called the ‘Rowing Team Quality First Program,’ with meetings, dinners and free pens for the rower. There was discussion of getting new paddles, canoes and other equipment, extra vacation days for practices and bonuses.

The next year the Japanese won by two miles. Humiliated, the American management laid off the rower for poor performance, halted development of a new canoe, sold the paddles, and canceled all capital investments for new equipment. The money saved was distributed to the Senior Executives as bonuses and the next year’s racing team was outsourced to India.


Copyright 2009-2010 ZeroInverse.com