Creating an HTTPS-secured site is simple, even for virtual domains: it only requires a small change to your Apache configuration and the creation of an SSL certificate. You can always buy a certificate, but for our simple solution we will create our own.
Open a Terminal and issue the following commands:
cd /Library/Apache2/conf
sudo openssl req -keyout privkey.pem -newkey rsa:2048 \
    -nodes -x509 -days 365 -out certificate.pem
Answer the questions that appear as well as you can:
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:your.securewebserver.tld
Email Address []:you@yourdomain.tld
The most important one is the ‘Common Name’: make sure that it is the same as the secure webserver name. The problem here is that if you want to use the certificate for completely different domain names, the end user will get a warning in the browser that it can’t match the certificate with the domain name. This certificate will be valid for a year (365 days).
Myself, I use *.richard5.net and use subdomains (like mail.richard5.net and admin.richard5.net) to accommodate all my secure virtual needs.
This action should have created two files called ‘certificate.pem’ and ‘privkey.pem’.
Next we need to change our Apache configuration file, ‘/Library/Apache2/conf/httpd.conf’.
Make sure the following line is uncommented:
LoadModule ssl_module modules/mod_ssl.so
Add the following lines to the configuration file. Place them somewhere before the virtual hosts configuration we added earlier and after the LoadModule statement we just uncommented.
<IfModule ssl_module>
    Listen 443
    SSLCertificateFile /Library/Apache2/conf/certificate.pem
    SSLCertificateKeyFile /Library/Apache2/conf/privkey.pem
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    NameVirtualHost *:443
</IfModule>
That’s it; now you can change any virtual domain into an HTTPS domain. If you want to change www.site1.com from the previous example into a secure HTTPS virtual server, you just need to change the configuration for the site from the original:
<VirtualHost your.external.ip.address:80>
    DocumentRoot /Library/Apache2/htdocs/site1.com
    ServerName www.site1.com
    ServerAdmin webmaster@site1.com
    ErrorLog logs/site1.com.error_log
    CustomLog logs/site1.com.access_log combined
</VirtualHost>
Into the secure version:
<VirtualHost your.external.ip.address:443>
    DocumentRoot /Library/Apache2/htdocs/site1.com
    SSLEngine on
    ServerName www.site1.com
    ServerAdmin webmaster@site1.com
    ErrorLog logs/site1.com.error_log
    CustomLog logs/site1.com.access_log combined
</VirtualHost>
Please note that this is a simple way to achieve security for personal domains. If the Common Name given when creating the certificate does not match the domain name in the browser, the end user will get a warning from the browser stating that it can’t match the certificate with the domain. If the user accepts this, however, he/she will still have an encrypted connection.
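Because every port-443 virtual host in this setup shares the single certificate, it helps to check in advance which ServerName values the Common Name actually covers. The following is an added example, not part of the original post: the function names and the sample configuration are constructed for illustration, and it assumes the name is taken from the Common Name as described above.

```python
import re

def name_matches(pattern, host):
    """True if certificate name `pattern` covers `host`.

    '*' counts only as the entire left-most label and stands for exactly
    one label, so *.richard5.net covers mail.richard5.net but not richard5.net.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

# Only port-443 blocks matter: they all share the one SSLCertificateFile.
VHOST_RE = re.compile(r"<VirtualHost\s+[^>]*:443\s*>(.*?)</VirtualHost>", re.S | re.I)
SERVERNAME_RE = re.compile(r"^\s*ServerName\s+(\S+)", re.M | re.I)

def mismatched_vhosts(httpd_conf, common_name):
    """ServerNames of HTTPS vhosts that the shared certificate does not cover."""
    return [name
            for body in VHOST_RE.findall(httpd_conf)
            for name in SERVERNAME_RE.findall(body)
            if not name_matches(common_name, name)]

# Constructed sample in the layout used on this page (not a real httpd.conf).
SAMPLE_CONF = """
<VirtualHost your.external.ip.address:443>
    SSLEngine on
    ServerName mail.richard5.net
</VirtualHost>
<VirtualHost your.external.ip.address:443>
    SSLEngine on
    ServerName www.site1.com
</VirtualHost>
<VirtualHost your.external.ip.address:80>
    ServerName plain.site1.com
</VirtualHost>
<VirtualHost your.external.ip.address:443>
    SSLEngine on
    ServerName richard5.net
</VirtualHost>
"""

if __name__ == "__main__":
    for name in mismatched_vhosts(SAMPLE_CONF, "*.richard5.net"):
        print(f"{name}: not covered by *.richard5.net, browser will warn")
```

With the wildcard Common Name, www.site1.com and the bare richard5.net are reported, while mail.richard5.net is covered and the port-80 host is ignored.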