MAMP PRO (macOS) Documentation

product overview

Search

Sites > Site > SSL

MAMP PRO - Sites - Site - SSL

To encrypt traffic from Apache or Nginx to a web browser, you can use SSL.

Note: SSL functionality is not available for the localhost site.

For a web browser to accept a sites’s SSL certificate without prompting, it must be signed with a special certificate. Before creating the first own site, MAMP PRO creates such a special “MAMP PRO certificate” and stores it in the macOS keychain. This “MAMP PRO certificate” will be used to sign all future SSL certificates created by MAMP PRO.

This only works if the web browser uses the macOS keychain, like Safari, Chrome or Brave. Firefox and Edge do not use the keychain. Here you have to accept the sites certificate once when accessing the website via https.

Since adding the “MAMP-PRO certificate” to the macOS keychain is a security-related action, the operating system will ask for the administrator name and password of the macOS user.

The “MAMP-PRO Certificate” has the name “MAMP_PRO_Root_CA” in the macOS keychain. You can view it and also manually delete it. It is automatically created and re-entered by MAMP PRO if necessary.

  • Enable SSL
    Activate this checkbox if your site should be accessible via the https protocol (https://).

    Note that this checkbox is automatically checked if you have specified a name ending in “.dev” because this is a top-level domain and the publisher has specified that for security reasons only secure connections over https are allowed, so browsers automatically redirect from http to https. More information about this top-level domain can be found at Wikipedia.

  • Certificate file
    Point to your certificate file. The directory dialogue will only recognize .crt files.

  • Certificate key file
    Point to your certificate key file. The directory dialogue will only recognize .key files.

  • Advanced Options

    • Chain file (Apache only)
      Point to your chain file or Alias.

    • Enforce TLS encryption, do not allow insecure methods
      Activating this option prevents web browsers from using old and insecure SSL methods when connecting to this site. Only connections using TLS 1.0, 1.1, and 1.2 will be accepted, and SSLv2 and SSLv3 connections will be rejected. This is the recommended setting.

    • Allow to access this site via insecure http connections
      Activating this option will allows web browsers to also access ALL resources of this SSL site via http protocol. This is NOT a recommended setting.

      If you only want to make PARTS of the site accessible via http (i.e. static content like images), do NOT check this option but use the <Directory> or <VirtualHost> (Apache) or location or server (Nginx) directives in the appropriate tab or template file.

  • Create a new self-signed certificate…
    Use “Create a new self-signed certificate…” to test SSL functionality. Your browser will not recognize this certificate and you will have to click through warnings when viewing your site in a browser.

    MAMP PRO - SSL - Create a new self-signed certificate

    It is normal to get a warning when using a self-signed certificate created by MAMP PRO.