How to secure (HTTPS) your virtual domains

Creating a HTTPS secured site is simple even for virtual domains, it only requires a small change to your Apache configuration and the creation of a SSL certificate. You can always buy a certificate but for our simple solution we will create our own.

You need to startup a Terminal and issue the following commands:

cd /Library/Apache2/conf
sudo openssl req -keyout privkey.pem -newkey rsa:2048 \
  -nodes -x509 -days 365 -out certificate.pem

Answer the questions that appear as well as you can:

Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:your.securewebserver.tld
Email Address []:you@yourdomain.tld

The most important one is the ‘Common Name’, make sure that that is the same as the secure webserver name. The problem here is that if you want to use it for completely different domain names the end user will get a warning in his browser that it can’t match the certificate with the domain name. This certificate will be valid for a year (365 days).

Myself I use * and use subdomains (like and to accommodate all my secure virtual needs.

This action should have created two files called ‘certificate/pem’ and ‘privkey.pem’.

Next we need to change our Apache configuration file called ‘/Library/Apache2/conf/httpd.conf’

Make sure the following line is uncommented:

LoadModule ssl_module modules/

Add the following lines to the configuration file, just place it somewhere before the Virtual hosts configuration we added earlier and after the Loadmodule statement we just uncommented.

<IfModule ssl_module>
  Listen 443

  SSLCertificateFile /Library/Apache2/conf/certificate.pem
  SSLCertificateKeyFile /Library/Apache2/conf/privkey.pem

  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin

  NameVirtualHost *:443


That’s it, now you can change any virtual domain into a HTTPS domain. If you want to change from the previous example into a secure HTTPS virtual server you just need to change the configuration for the site from the original:

<VirtualHost your.external.ip.address:80>
   DocumentRoot /Library/Apache2/htdocs/
   ErrorLog logs/
   CustomLog logs/ combined

Into the secure version:

<VirtualHost your.external.ip.address:443>
   DocumentRoot /Library/Apache2/htdocs/
   SSLEngine on
   ErrorLog logs/
   CustomLog logs/ combined

Please note, this is a simple way to achieve security for personal domains. If the Common name from the creation of the certificate does not match the domain name in the browser the end user will get a warning from the browser stating that it can’t match the certificate with the domain. If the user however accepts this he/she will still have a secure connection.

Comments are closed, to find out why read this blogpost for the reason and directions to alternatives.