How To Enable SSL On Zend Server for Mac


This article is also available in our new Knowledge Base: How To Enable SSL On Zend Server for Mac

Applies to:
Zend Server 8 and up
Mac OS X 10.10


This recipe have the basics of enabling the default template of HTTPS which comes with Zend Server. It also refers to self-signed certificates for testing and development if you need such.


Note about missing certificate:
By default, Zend Server included Apache does not have the SSL certificate files in place. HTTP SSL conf expects to find them in /usr/local/zend/apache2/conf/ and if they are missing, you will get this error when starting Apache:
SSLCertificateFile: file '/usr/local/zend/apache2/conf/server.crt' does not exist or is empty

See below how to create self-signed certificates in the above path if needed.

To enable SSL vhost (don't skip step 3):

1. edit /usr/local/zend/apache2/conf/httpd.conf
2. find and uncomment (remove the leading #) the following line:

#Include conf/extra/httpd-ssl.conf

3. edit /usr/local/zend/apache2/conf/extra/httpd-ssl.conf to suit your SSL needs - see notes below
4. restart Apache using /usr/local/zend/bin/ restart-apache

5. Load https://<hostname> in your browser to test (if the port is 443, otherwise add :<port> to the URL)

Note about Port: If you have port 443 already taken, change the port in '', on all places it appears (search and replace is good here).

Note about SSL vhost in general: You better go over the configuration in /usr/local/zend/apache2/conf/extra/httpd-ssl.conf to verify the site name (_DEFAULT_ by default), ServerName and ServerAdmin are correct, before saving and restarting Apache. Make SURE the VirtualHost directive has NO Hostname, like this:
<VirtualHost *:443>

Note about certificates: if you DO NOT use the default path '/usr/local/zend/apache2/conf/' for placing 'server.crt' and 'server.key', change the appropriate configuration to load SSLCertificateFile, SSLCertificateKeyFile and if used, SSLCertificateChainFile from the correct location.

Self-Signed test certificates
To create a self-signed certificate on Mac, using the Mac openssl, you can run this command and follow-up with some information to the prompts. Once finished collecting certificate information, the key and crt files will be created, and you need to restart Apache to use the SSL vhost.

sudo /usr/bin/openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /usr/local/zend/apache2/conf/server.key -out /usr/local/zend/apache2/conf/server.crt