After all of the drama over Zoom’s use of a hidden web server on Macs, Apple itself has decided to step in, TechCrunch reports. Zoom is issuing a silent update — meaning your Mac will get it. OS X: You need only one tiny command to start a web server from any directory through OS X's terminal. If you've got a web site lying around and need to test it out, this is possibly the fastest.
Are you in need of a web server software for your projects? Looking for something with outstanding performance that suits your prerequisites? A web server is a software program which serves content (HTML documents, images, and other web resources) using the HTTP protocol. It will support both static content and dynamic content. Check these eight top rated web server software and get to know about all its key features here before deciding which would suit your project.
Related:
Apache
The Apache HTTP web Server Project is a push to create and keep up an open-source HTTP server for current working frameworks including UNIX and Windows. The objective of this anticipate is to give a safe, effective and extensible server that gives HTTP administrations in a state of harmony with the present HTTP benchmarks.
Virgo Web Server
The Virgo Web Server is the runtime segment of the Virgo Runtime Environment. It is a lightweight, measured, OSGi-based runtime that gives a complete bundled answer for creating, sending, and overseeing venture applications. By utilizing a few best-of-breed advances and enhancing them, the VWS offers a convincing answer for creating and convey endeavor applications.
Abyss Web Server
Abyss Web Server empowers you to have your Web destinations on your PC. It bolsters secure SSL/TLS associations (HTTPS) and in addition an extensive variety of Web innovations. It can likewise run progressed PHP, Perl, Python, ASP, ASP.NET, and Ruby on Rails Web applications which can be sponsored by databases, for example, MySQL, SQLite, MS SQL Server, MS Access, or Oracle.
Cherokee Web Server
Web Server For Mac Os X
All the arrangement is done through Cherokee-Admin, an excellent and effective web interface. Cherokee underpins the most across the board Web innovations: FastCGI, SCGI, PHP, uWSGI, SSI, CGI, LDAP, TLS/SSL, HTTP proxying, video gushing, the content storing, activity forming, and so on. It underpins cross Platform and keeps running on Linux, Mac OS X, and then some more.
Raiden HTTP
RaidenHTTPD is a completely included web server programming for Windows stage. It’s intended for everyone, whether novice or master, who needs to have an intuitive web page running inside minutes. With RaidenHTTPD, everybody can be a web page performer starting now and into the foreseeable future! Having a web page made with RaidenHTTPD, you won’t be surprised to see a great many guests to your web website consistently or considerably more
KF Web Server
KF Web Server is a free HTTP Server that can have a boundless number of websites. Its little size, low framework necessities, and simple organization settle on it the ideal decision for both expert and beginner web designers alike.
Tornado Web Server
Tornado is a Python web structure and offbeat systems administration library, initially created at FriendFeed. By utilizing non-blocking system I/O, Tornado can scale to a huge number of open associations, making it perfect for long surveying, WebSockets, and different applications that require a seemingly perpetual association with every client.
WampServer – Most Popular Software
This is the most mainstream web server amongst all the others. WampServer is a Windows web improvement environment. It permits you to make web applications with Apache2, PHP, and a MySQL database. Nearby, PhpMyAdmin permits you to oversee effortlessly your databases. WampServer is accessible for nothing (under GPML permit) in two particular adaptations that is, 32 and 64 bits.
What is a Web Server?
A Web Server is a PC framework that works by means of HTTP, the system used to disseminate data on the Web. The term can refer to the framework, or to any product particularly that acknowledges and administers the HTTP requests. A web server, in some cases, called an HTTP server or application server is a system that serves content utilizing the HTTP convention. You can also see Log Analyser Software
This substance is often as HTML reports, pictures, and other web assets, however, can incorporate any kind of record. The substance served by the web server can be prior known as a static substance or created on the fly that is alterable content. In a request to be viewed as a web server, an application must actualize the HTTP convention. Applications based on top of web servers. You can also see Proxy Server Software
Therefore, these 8 web servers are very powerful and makes the customer really satisfactory when used in their applications. Try them out and have fun programming!
Related Posts
How to create a secure (HTTPS) OS X webserver | 34 comments | Create New Account
Click here to return to the 'How to create a secure (HTTPS) OS X webserver' hint |
The following comments are owned by whoever posted them. This site is not responsible for what they say.
See, when my friends said to me, 'Why would you buy a Mac? You're already seriously guru-istic in both Windows AND Linux! Why bother?', I'd answer: 'Cause real geeks never stop learnin'!'
This is an excellently written article, and looks so much more complete and thorough than the Apache-SSL Howtos I've seen for Linux. They're so poorly written that I gave up trying to get SSL working on Apache fairly quickly. It wasn't something I REALLY needed, just something to play with. With your article, I saw three points where I made mistakes immediately.
Nicely done and thanks!
---
Answering the age-old question: which is more painful, going to work or gouging your eye out with a spoon?
www.workorspoon.com
This is an excellently written article, and looks so much more complete and thorough than the Apache-SSL Howtos I've seen for Linux. They're so poorly written that I gave up trying to get SSL working on Apache fairly quickly. It wasn't something I REALLY needed, just something to play with. With your article, I saw three points where I made mistakes immediately.
Nicely done and thanks!
---
Answering the age-old question: which is more painful, going to work or gouging your eye out with a spoon?
www.workorspoon.com
Thanks.
The biggest problem I had found with the Linux-based tutorials was that none of them were written with the OS X file hierarchy in mind. Sure, you can delve into the dark hidden corners of the /folder structure, but I wanted to put things in context with /Users/username as much as possible so that a year from now, you can go back and easily figure out what was done.
Out of curiosity, what points did you get wrong?
Cheers.
The biggest problem I had found with the Linux-based tutorials was that none of them were written with the OS X file hierarchy in mind. Sure, you can delve into the dark hidden corners of the /folder structure, but I wanted to put things in context with /Users/username as much as possible so that a year from now, you can go back and easily figure out what was done.
Out of curiosity, what points did you get wrong?
Cheers.
Um, offhand, the biggest problems were the creation of a cert authority and/or self-signing the cert. Also, the removal of the password from the cert. The howtos made this look a ton more complex than you did. I didn't feel like bothering with that much work for a minor pet project.
I'm going to use this tonight to see if I can get it working on my Linux box. I still use Apache, but primarily as a reverse-proxy to my internal network. I'm using SSL_Proxy to encrypt packets, but would prefer to just use Apache and be done with it. SSL_Proxy was setup in 5 minutes (including download and compile time), this makes it look like Apache should be as quick!
---
Answering the age-old question: which is more painful, going to work or gouging your eye out with a spoon?
www.workorspoon.com
I'm going to use this tonight to see if I can get it working on my Linux box. I still use Apache, but primarily as a reverse-proxy to my internal network. I'm using SSL_Proxy to encrypt packets, but would prefer to just use Apache and be done with it. SSL_Proxy was setup in 5 minutes (including download and compile time), this makes it look like Apache should be as quick!
---
Answering the age-old question: which is more painful, going to work or gouging your eye out with a spoon?
www.workorspoon.com
I tried to follow this hint and once I was done and I restarted apache via sudo apachectl graceful I got the following error:
configuration broken, ignoring restart
/usr/sbin/apachectl graceful: (run 'apachectl configtest' for details)
Running configtest gives the following:
Processing config directory: /private/etc/httpd/users/*.conf
Processing config file: /private/etc/httpd/users/laubennd.conf
Processing config file: /private/etc/httpd/users/neil.conf
Processing config file: /private/etc/httpd/users/neill2.conf
Processing config file: /private/etc/httpd/users/ssl.conf
Syntax error on line 15 of /private/etc/httpd/users/ssl.conf:
SSLCipherSuite takes one argument, Colon-delimited list of permitted SSL Ciphers (`XXX:...:XXX' - see manual)
which tells me t hat the SSLCipherSuite is incorrect . . . I've double checked that I copied/pasted it exactly as in the hint.
Any ideas why it isn't working right?
configuration broken, ignoring restart
/usr/sbin/apachectl graceful: (run 'apachectl configtest' for details)
Running configtest gives the following:
Processing config directory: /private/etc/httpd/users/*.conf
Processing config file: /private/etc/httpd/users/laubennd.conf
Processing config file: /private/etc/httpd/users/neil.conf
Processing config file: /private/etc/httpd/users/neill2.conf
Processing config file: /private/etc/httpd/users/ssl.conf
Syntax error on line 15 of /private/etc/httpd/users/ssl.conf:
SSLCipherSuite takes one argument, Colon-delimited list of permitted SSL Ciphers (`XXX:...:XXX' - see manual)
which tells me t hat the SSLCipherSuite is incorrect . . . I've double checked that I copied/pasted it exactly as in the hint.
Any ideas why it isn't working right?
Good hint - nice & clear. In case anyone needs another set of insructions, the one I used when setting up ssl was this one :
http://developer.apple.com/internet/serverside/modssl.html
which was also pretty clear and easy to follow (although providing this alternative reminds me of the old adage, about someone who has 2 clocks never knowing the exact time... :-)
cheers
m
http://developer.apple.com/internet/serverside/modssl.html
which was also pretty clear and easy to follow (although providing this alternative reminds me of the old adage, about someone who has 2 clocks never knowing the exact time... :-)
cheers
m
Web Server For Microsoft
Don't most browsers choke on self-signed certificates?
I can only speak for Safari on OS X and Internet Explorer on XP: they don't exactly 'choke' as much as 'hiccough'. On a per-session basis, I get prompted with a warning message about the certs, but once I accept this, I can load pages just fine.
Since I am pretty much the only surfer of my pages (I have mine secured with mod-auth, too), I don't mind the minor inconvenience. If others were surfing, I might go ahead and get a real domain name and use one of the cert authorities.
On a side note- I would prefer to use mod-digest instead, but IE really chokes on some of my PHP pages then. Since I am using SSL, am I correct that that covers my mod-auth also? In other words, eventhough the password is sent in the clear, it's sent in the clear THROUGH SLL, so it's encrypted, right?
Since I am pretty much the only surfer of my pages (I have mine secured with mod-auth, too), I don't mind the minor inconvenience. If others were surfing, I might go ahead and get a real domain name and use one of the cert authorities.
On a side note- I would prefer to use mod-digest instead, but IE really chokes on some of my PHP pages then. Since I am using SSL, am I correct that that covers my mod-auth also? In other words, eventhough the password is sent in the clear, it's sent in the clear THROUGH SLL, so it's encrypted, right?
Yes, it is sent over the encrypted link, so it isn't clear-text. Digest authentication is flawed, anyway, so you really need SSL even when you use it.
No. Most offer you the option of importing the cert into your personal store. With IE, simply choose 'View Certificate' when the warning pops up, there's an 'Install Certificate' option within there. For Mozilla, it'll ask if you always want to accept that certificate. IIRC, Safari works similarly. The only time you should ever have a problem again is when the cert changes, which should only be when you change it....or someone else... ;-)
---
Answering the age-old question: which is more painful, going to work or gouging your eye out with a spoon?
www.workorspoon.com
---
Answering the age-old question: which is more painful, going to work or gouging your eye out with a spoon?
www.workorspoon.com
Indeed, very nicely done.
---
--
Everything Mac - http://everythingmac.org
---
--
Everything Mac - http://everythingmac.org
Since I work out of a home office a lot, I often put files for clients to access from the network at home. This added bit of security gives those skittish clients a little extra peace of mind.
Nice job!
Nice job!
This hint is great. It's just begging for a nice user-friendly GUI tool to wrap up the functionality, though! anyone?
---
In /dev/null, no one can hear you scream
---
In /dev/null, no one can hear you scream
I was planning on writing one over break in cocoa.
Take a look at SimpleCA at http://users.skynet.be/ballet/joris/SimpleCA/. which uses Tcl/Tk and runs on Linux and Windows. You should be able to get it going on OSX if you install Tcl/Tk.
Being able to create client certificates is very handy and should be part of any similar app for OSX.
-m
Being able to create client certificates is very handy and should be part of any similar app for OSX.
-m
The original hint had: I would suggest the following instead: This setting will disable SSL version 2 (which has seciruty problems) as well as weak ciphers (LOW, EXP).
Having +eNULL is particulary discouraged since NULL ciphers are ciphers offering no encryption! The setting in the original hint doesn't seem to enable NULL ciphers on a server I tested it on but looks dangerous to me.
Great hint BTW.
-m
Having +eNULL is particulary discouraged since NULL ciphers are ciphers offering no encryption! The setting in the original hint doesn't seem to enable NULL ciphers on a server I tested it on but looks dangerous to me.
Great hint BTW.
-m
Thanks for the tweak on the CipherSuite; I was pulling from a .conf file on a Linux box that I have access to and didn't fine-comb through all the details.
Again, the initial goal of writing this hint was to help folks get their teeth around on how to get SSL up and running on their own OS X boxes; fine tuning for performance, security, or other customized tweaks is left for the braver souls to learn and share!
Again, the initial goal of writing this hint was to help folks get their teeth around on how to get SSL up and running on their own OS X boxes; fine tuning for performance, security, or other customized tweaks is left for the braver souls to learn and share!
Hi
Great info on SSL - i've also implemented the 'better' cipher,
Also I think that the info in this link: http://developer.apple.com/internet/serverside/modssl.html could be of interest to all.
Quote from above article:
'You'll be asked for some information when you start this. Most of it is pretty self explanatory, but one item, in particular, is not. Here's what you'll be asked for:
Country Name (2 letter code) [AU]: (enter your country code here)
State or Province Name (full name) [Some-State]: (Enter your state here)
Locality Name (eg, city) []: (enter your city here)
Organization Name (eg, company) [Internet Widgits Pty Ltd]: (enter something here)
Organizational Unit Name (eg, section) []: (enter something here)
Common Name (eg, YOUR name) []: (this is the important one)
Email Address []: (your e-mail address)
The entry for 'Common Name' is the one that seems like it should be one thing, but is, in fact, another. For this entry, you want to enter your 'Server Name' as it appears in your httpd.conf (which you'll be modifying soon). As this is just a development environment, you can enter 127.0.0.1, which is the default IP for 'localhost'. Now, keep in mind that using 127.0.0.1 is not the same as using 'localhost'. The strings either match, or they don't — Unix is like that.'
...
...
'First, you need to comment out the 'Port' directive by placing a '#' in front of the line.
Port 80 should be changed to #Port 80. You will need to add the following just below where the Port directive was:
## SSL Support
##
## When we also provide SSL we have to listen to the
## standard HTTP port (see above) and to the HTTPS port
##
<IfModule mod_ssl.c>
Listen 443
Listen 80
</IfModule>
Adding these lines tells the server to be aware of traffic on port 80 (the standard HTTP port) and port 443 (the HTTPS port). This allows your SSL aware Apache installation to serve non-secure documents on port 80, while it is serving secure documents on 443.'
- Might be trivial to some but crucial none the less :-)
- Michael
Great info on SSL - i've also implemented the 'better' cipher,
Also I think that the info in this link: http://developer.apple.com/internet/serverside/modssl.html could be of interest to all.
Quote from above article:
'You'll be asked for some information when you start this. Most of it is pretty self explanatory, but one item, in particular, is not. Here's what you'll be asked for:
Country Name (2 letter code) [AU]: (enter your country code here)
State or Province Name (full name) [Some-State]: (Enter your state here)
Locality Name (eg, city) []: (enter your city here)
Organization Name (eg, company) [Internet Widgits Pty Ltd]: (enter something here)
Organizational Unit Name (eg, section) []: (enter something here)
Common Name (eg, YOUR name) []: (this is the important one)
Email Address []: (your e-mail address)
The entry for 'Common Name' is the one that seems like it should be one thing, but is, in fact, another. For this entry, you want to enter your 'Server Name' as it appears in your httpd.conf (which you'll be modifying soon). As this is just a development environment, you can enter 127.0.0.1, which is the default IP for 'localhost'. Now, keep in mind that using 127.0.0.1 is not the same as using 'localhost'. The strings either match, or they don't — Unix is like that.'
...
...
'First, you need to comment out the 'Port' directive by placing a '#' in front of the line.
Port 80 should be changed to #Port 80. You will need to add the following just below where the Port directive was:
## SSL Support
##
## When we also provide SSL we have to listen to the
## standard HTTP port (see above) and to the HTTPS port
##
<IfModule mod_ssl.c>
Listen 443
Listen 80
</IfModule>
Adding these lines tells the server to be aware of traffic on port 80 (the standard HTTP port) and port 443 (the HTTPS port). This allows your SSL aware Apache installation to serve non-secure documents on port 80, while it is serving secure documents on 443.'
- Might be trivial to some but crucial none the less :-)
- Michael
Thanks for the article! One question... anyone know the trick to get this to work for apache2 from fink? I did /sw/sbin/apachectl start and apache starts find, but nothing is listening on the https port. Tried nmap too and nothin is there. Did have to take out the AddModule since that is gone in apache2, but what else do I have to do to enable mod ssl?
Nice how-to .. I'd elide the cert generation a bit, and just use the single command-line invocation below:
openssl req -days 720 -new -keyout <HOSTNAME>.key -out $<HOSTNAME>.crt -nodes -x509
(where you replace the string '<HOSTNAME>' with the name of the web server, e.g. the name that's in the https:// url.)
The -days string will make it so the cert doesn't expire for 2 years, which I find reasonable for a personal https:// webserver.
The command will produce two files:
your.host.name.crt
your.host.name.key
Place those in a safe location, make sure the key is readable only by root, and reference the full path in Apache .. you're set.
openssl req -days 720 -new -keyout <HOSTNAME>.key -out $<HOSTNAME>.crt -nodes -x509
(where you replace the string '<HOSTNAME>' with the name of the web server, e.g. the name that's in the https:// url.)
The -days string will make it so the cert doesn't expire for 2 years, which I find reasonable for a personal https:// webserver.
The command will produce two files:
your.host.name.crt
your.host.name.key
Place those in a safe location, make sure the key is readable only by root, and reference the full path in Apache .. you're set.
Help: How to create a secure (HTTPS) OS X webserver
![Web Web](/uploads/1/3/4/9/134903897/129504610.jpg)
Thanks!! This is a GREAT hint.
Of course, I've done this (and similar suggestions from other sources, and I still can't get my Mac to serve https.
I am trying to set up a secure (https) server on the same domain as my non-secure server. In otehr words: I want http://www.domain.com to be a regular http server and https://www.domain.com to be a secure https server.
I have tried this (assume the missing brackets, please):
VirtualHost *:80
     DocumentRoot /Library/WebServer/Documents
     ErrorLog /private/var/log/httpd/error_log
/VirtualHost
VirtualHost *:443
    DocumentRoot /Library/WebServer/Secure
    ErrorLog /private/var/log/httpd/error_log2
    SSLEngine on   Â
/VirtualHost
in my httpd.conf file (with the SSLCertificateFile and SSLCertificateKey directives coming earlier in the file (I tried to include them in the virtualhost container, but Apache said no...and would not start)
I also tried the ssl.conf file suggested here, and I tried adding the directives in the ssl.conf file to the httpd.conf file.
Apache started with no hiccups each time.
The mod_ssl is loaded and added
But when I try to access www.domain.com which points to my Mac (10.3.7 client, NOT server)I do fine with the http:// connection (on port 80), but when I try an https:// connection (even if I specify :443) it tells me it cannot find the server.
Ports 80 and 443 are open (personal web sharing is on and I manually opened 443) in Sharing Preferences, and I have routed them to my Mac through my Airport Extreme Base Station's port mapping.
Any suggestions would me very much appreciated!
Thanks!!!
Of course, I've done this (and similar suggestions from other sources, and I still can't get my Mac to serve https.
I am trying to set up a secure (https) server on the same domain as my non-secure server. In otehr words: I want http://www.domain.com to be a regular http server and https://www.domain.com to be a secure https server.
I have tried this (assume the missing brackets, please):
VirtualHost *:80
     DocumentRoot /Library/WebServer/Documents
     ErrorLog /private/var/log/httpd/error_log
/VirtualHost
VirtualHost *:443
    DocumentRoot /Library/WebServer/Secure
    ErrorLog /private/var/log/httpd/error_log2
    SSLEngine on   Â
/VirtualHost
in my httpd.conf file (with the SSLCertificateFile and SSLCertificateKey directives coming earlier in the file (I tried to include them in the virtualhost container, but Apache said no...and would not start)
I also tried the ssl.conf file suggested here, and I tried adding the directives in the ssl.conf file to the httpd.conf file.
Apache started with no hiccups each time.
The mod_ssl is loaded and added
But when I try to access www.domain.com which points to my Mac (10.3.7 client, NOT server)I do fine with the http:// connection (on port 80), but when I try an https:// connection (even if I specify :443) it tells me it cannot find the server.
Ports 80 and 443 are open (personal web sharing is on and I manually opened 443) in Sharing Preferences, and I have routed them to my Mac through my Airport Extreme Base Station's port mapping.
Any suggestions would me very much appreciated!
Thanks!!!
I have three questions:
1) Everything seemed to work untill I noticed that the result of Step 4 showed that the certificate was ONLY valid for 360 days (1 year), and not as entered in step 3; 3650 days (10 years). I have tried several times and I keep getting the same result. Anybody have a clue and advise?
2) When I get this all installed, will ALL pages served by the Mac Os X Apache server be run as SSL (https://blabla)?
3) Can people choose to see the same pages as normal non-ssl encrypted (http://blabla), depending on if they use the 's' after http in the url?
Your guide seems pretty simple compared to the documentation I have seen elseware for ssl implementation in Apache/mac osx. Looking forward to seeing working!
regards,
Davidw
1) Everything seemed to work untill I noticed that the result of Step 4 showed that the certificate was ONLY valid for 360 days (1 year), and not as entered in step 3; 3650 days (10 years). I have tried several times and I keep getting the same result. Anybody have a clue and advise?
2) When I get this all installed, will ALL pages served by the Mac Os X Apache server be run as SSL (https://blabla)?
3) Can people choose to see the same pages as normal non-ssl encrypted (http://blabla), depending on if they use the 's' after http in the url?
Your guide seems pretty simple compared to the documentation I have seen elseware for ssl implementation in Apache/mac osx. Looking forward to seeing working!
regards,
Davidw
Notes from newbie:
was trying to do above. all worked fine when i did local access via 127.0.0.1 but when i tried using external address it didn't work.
i'm assuming you have to manually add port 443 to sharing firewall (in addition to 80 & 427).
when i tried to add this via the SystemPreferences GUI, it wouldn't allow me to edit so i had to hack the Library/Preferences/...firewall.plist file manually.
anyone know why? anyways, hope this may be helpful to the next person.
was trying to do above. all worked fine when i did local access via 127.0.0.1 but when i tried using external address it didn't work.
i'm assuming you have to manually add port 443 to sharing firewall (in addition to 80 & 427).
when i tried to add this via the SystemPreferences GUI, it wouldn't allow me to edit so i had to hack the Library/Preferences/...firewall.plist file manually.
anyone know why? anyways, hope this may be helpful to the next person.
You should be able to add new ports to the firewall configuration in System Preferences by going to Sharing and pick the Firewall tab there. There's a New button there -- this produces a list of protocols, but you can select Other and enter a range of ports.
Checking/enabling the 'Personal Web Sharing' box in the 'Sharing' preference panel covers ports 80, 427, and 443 already -- at least in Mac OS X 10.4.8
Can people choose to see the same pages as normal non-ssl encrypted (http://blabla) ...
People can try to access your secure site with http://your site.com; however, you can keep them out with a little simple PHP code at the top of your secure site web pages:
$port=$_SERVER['SERVER_PORT'];
if($port<>'443') :
// insecure site code goes here
exit();
endif ;
$port=$_SERVER['SERVER_PORT'];
if($port<>'443') :
// insecure site code goes here
exit();
endif ;
I had a similar problem and found at least a workaround if not the specific cause. Prior to this step, edit the /System/Library/OpenSSL/openssl.cnf file and change:
default_days = 365
to
default_days = 3650
Then the cert will reflect 10 years. I'm guessing the config file options take precendent over command line flags.
default_days = 365
to
default_days = 3650
Then the cert will reflect 10 years. I'm guessing the config file options take precendent over command line flags.
There is another reply regarding the expiry date that suggests changing the default_days in the OpenSSL config file; that can't hurt, but didn't do it for me. I had to edit sign.sh from the mod_ssl package and change default_days there as well. Using sign.sh is part of the instructions from http://developer.apple.com/internet/serverside/modssl.html
Excellent instructions, but things break down at the signing stage. I received:
Using configuration from /System/Library/OpenSSL/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
3627:error:02001002:system library:fopen:No such file or directory:bss_file.c:278:fopen('./demoCA/private/cakey.pem','r')
3627:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:280:
unable to load CA private key
Signed certificate is in newcert.pem
I retraced my steps - What went wrong?
Cheers
Revisited the this hint to set things up for a secure webserver in 10.4 (Tiger); read through the comments to get some of the updated comments made by users: Using configuration from /System/Library/OpenSSL/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem
3627:error:02001002:system library:fopen:No such file or directory:bss_file.c:278:fopen('./demoCA/private/cakey.pem','r')
3627:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:280:
unable to load CA private key
Signed certificate is in newcert.pem
I retraced my steps - What went wrong?
Cheers
amongst others but it's nice to see that it still works!
Sorry, I closely followed the instructions on a Tiger 10.4 xserve (my fault!).
Should have used the Apple certified document first place:
http://developer.apple.com/internet/serverside/modssl.html
thanks anyway.
Should have used the Apple certified document first place:
http://developer.apple.com/internet/serverside/modssl.html
thanks anyway.
In the final section, the lines: aren't necessary unless you're also doing client-certification (where clients are also issued with certificates to allow the web server to verify client identities).
I used this guide very successfully on Tiger. Thanks for the article.
Unfortunately, Leopard uses Apache 2, which seems to operate differently as SSL serving no longer works as before.
Is there any chance of an update to bring us all up to scratch?
Thanks, again!
Unfortunately, Leopard uses Apache 2, which seems to operate differently as SSL serving no longer works as before.
Is there any chance of an update to bring us all up to scratch?
Thanks, again!
![For For](/uploads/1/3/4/9/134903897/912912620.png)
Thank you for the post! Very useful.
For Mac OS 10.5.8, please check this post for additional information:
http://hints.macworld.com/article.php?story=20080628074917113
and please note that 'cacert.pem' is in the 'demoCA' folder.
For Mac OS 10.5.8, please check this post for additional information:
http://hints.macworld.com/article.php?story=20080628074917113
and please note that 'cacert.pem' is in the 'demoCA' folder.
BTW: here's where to do this with Snow Leopard and Lion OS 10.6 10.7+ , although this is for creating self signed certificates only, not as your own CA (certificate authority):
Configure SSL on Lion's Apachehttp://apple.stackexchange.com/questions/25434/configuring-ssl-with-apache-under-lion
...otherwise, the above instructions generate the following error on Lion's apache:
(the signed certificate it claims that it makes after all of those errors is, in fact, not valid nor legitimate. it has no functionality and is neither signed nor certified.
Configure SSL on Lion's Apachehttp://apple.stackexchange.com/questions/25434/configuring-ssl-with-apache-under-lion
...otherwise, the above instructions generate the following error on Lion's apache:
bash-3.2# /System/Library/OpenSSL/misc/CA.pl -signreq Using configuration from /System/Library/OpenSSL/openssl.cnf
Error opening CA private key ./demoCA/private/cakey.pem 16021:error:02001002:system library:fopen:No such file or directory:/SourceCache/OpenSSL098/OpenSSL098-44/src/crypto/bio/bss_file.c:356:fopen('./demoCA/private/cakey.pem','r') 16021:error:20074002:BIO routines:FILE_CTRL:system lib:/SourceCache/OpenSSL098/OpenSSL098-44/src/crypto/bio/bss_file.c:358: unable to load CA private key Signed certificate is in newcert.pem
(the signed certificate it claims that it makes after all of those errors is, in fact, not valid nor legitimate. it has no functionality and is neither signed nor certified.