SSL Certificates and MAMP PRO (or MAMP!)

Network Security IconIf you have a computer that runs Apple’s OS X operating system, and have anything to do with websites, then you have likely come across MAMP and MAMP PRO. It’s a wonderful system, and I showed some love to MAMP by upgrading to the pro version.

But, one thing has always bugged me. Using non-self signed SSL certificates is a complete nightmare. Most of the time you just give up because it takes such a long time to sort out.

When I tried to use a non-self signed certificate with MAMP PRO, adding the certificate resulted in apache being unable to start.

This appears is the result of one thing. For security reasons the private key you have with any SSL certificate has been encrypted using a password. However, there is no way of providing this password to MAMP so apache doesn’t know how to handle the certificate and gives up.

So. How do you fix this problem?

Well it’s as simple as 1, 2, 3, 4.

1. Open the terminal.

2. Navigate to where the non-self signed certificate (.crt) and private key (.key) files can be found. (Using ls to view the contents of the folder you are in, and cd to move between the different folders.

3. Type in the following command into terminal; replacing [EXISTING PRIVATE KEY FILENAME] with the filename for the current (secured) private key, and replacing [NEW PRIVATE KEY FILENAME] with the filename where you would like the new (not secured) private key stored.

openssl req -new -key [YOUR PRIVATE KEY FILENAME HERE] -out [A FILENAME FOR THE NEW PRIVATE KEY]

4. Type in the password for the private key file.

The OpenSSL application will then save a new copy of the private key, without a password encrypting it with the filename you gave it. Now you can add it to MAMP PRO (or MAMP) in the usual way without any problems, and apache will start right up!

WARNING: THIS PROCEDURE WILL REMOVE THE ENCRYPTION TECHNIQUE USED TO HELP SECURE SSL CERTIFICATES USED ON THE INTERNET AND IS ONLY DESIGNED TO BE USED ON CERTIFICATES WHICH WILL NOT BE USED ANYWHERE ELSE EXCEPT WITHIN THE MAMP APPLICATION. YOU SHOULD USE THE PASSWORD PROTECTED PRIVATE KEY FILE FOR EVERYTHING OUTSIDE OF THIS ONE VERY SPECIFIC PURPOSE TO ENSURE THAT THE HIGHEST POSSIBLE SECURITY IS MAINTAINED FOR YOU AND YOUR SSL CERTIFICATES.