macOS 10.15 Catalina Apache Setup: SSL

Third part in a multi-part blog series for Mac developers

3 minutes
Part 3: macOS 10.15 Catalina Web Development Environment

In Part 1 of this 2-part series, we covered configuring Apache on macOS Sierra 10.15 High to work better with your local user account, as well as the installation process for installing multiple versions of PHP. In Part 2, we covered installing MySQL, Virtual Hosts, APC caching, YAML, and Xdebug.

In this Part 3, we will cover getting your site setup with SSL support for this setup.

This guide is intended for experienced web developers. If you are a beginner developer, you will be better served using MAMP or MAMP Pro.


It is often important to be able to test your local site setup under SSL (e.g. There are a few steps that are needed to accomplish this with your Homebrew-based Apache setup. The first step is to make some modifications to your httpd.conf:

$ code /usr/local/etc/httpd/httpd.conf

In this file you should uncomment both the socache_shmcb_module, ssl_module, and also the include for the httpd-ssl.conf by removing the leading # symbol on those lines:

LoadModule socache_shmcb_module lib/httpd/modules/
LoadModule ssl_module lib/httpd/modules/
Include /usr/local/etc/httpd/extra/httpd-ssl.conf

Next we need to change the default 8443 port to the more standard 443 and comment out some sample code. So we need to open the SSL config file:

$ code /usr/local/etc/httpd/extra/httpd-ssl.conf


Listen 8443

replace it with:

Listen 443

then find:

<VirtualHost _default_:8443>

#   General setup for the virtual host
DocumentRoot "/usr/local/var/www"

and replace the 8443 references with 443 and note the commenting:

<VirtualHost _default_:443>

#   General setup for the virtual host
#DocumentRoot "/usr/local/var/www"

After saving this file, you should then open up your /usr/local/etc/httpd/extra/httpd-vhosts.conf to add appropriate SSL based virtual hosts.

$ code /usr/local/etc/httpd/extra/httpd-vhosts.conf

Here you can create a VirtualHost entry for each virtual host that you wish to provide SSL support for.

<VirtualHost *:443>
    DocumentRoot "/Users/your_user/Sites"
    ServerName localhost
    SSLEngine on
    SSLCertificateFile "/usr/local/etc/httpd/server.crt"
    SSLCertificateKeyFile "/usr/local/etc/httpd/server.key"

In this example we have created the VirtualHost for localhost, but it could be any of your existing or even a new VirtualHost. The important parts are the the 443 port, along with SSLEngine on and the SSLCertificateFile and SSLCertificateKeyFile entries that point to the certificate we now need to generate.


To get this all to work with Apache, we need to create a self-signed certificate that we have already referenced in the VirtualHost definition.

The following commands will often prompt you for information regarding the certificates. You should fill all the fields with sensible values, however, the Common Name should match the ServerName entry in your httpd-vhosts.conf file you just added.

First generate a key and certificate:

$ cd /usr/local/etc/httpd
$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt

Then all you need to do now is double check your Apache configuration syntax:

$ sudo apachectl configtest

If all goes well, restart Apache:

$ sudo apachectl -k restart

You can tail -f /usr/local/var/log/httpd/error_log, the Apache error log while you restart to see if you have any errors.

Now simply point your browser at https://localhost. If you are prompted about a self-signed certificate, in Chrome you can hit the Advanced option on that page and proceed while in Firefox you need to expand the I Understand the Risks and add as exception. This is due to the fact that the self-signed certificates are not signed by any authority and for this reasons the browsers add warnings about it. Although, since you are the one who created the certificate, you understand it's safe to accept it.