Getting SSL Going on Mac OS X 10.4 Tiger for WebDAV on SSL
After I got the WebDAV server working on my OS X 10.4 machine, the next thing was to get SSL working with a self-signed certificate so that I could do secure WebDAV to the box. I've done this on Leopard (10.5) and so doing it on 10.4 was not too bad, but there were a few wrinkles.
First, follow the directions for creating the certificate files in this Mac OS X Hints hint. Don't mess with the httpd.conf file, as we're going to do something a little more 10.5-like there. But do make the cert, the private key and the request, and then sign it all.
Then in the /etc/httpd/users/ directory use the following file for ssl.conf - theirs is missing a few things.
    #
    # This is the SSL config goodies
    #
    LoadModule ssl_module libexec/httpd/libssl.so
    AddModule mod_ssl.c

    <IfModule mod_ssl.c>
        Listen 80
        Listen 443

        # Some MIME-types for downloading Certificates and CRLs
        AddType application/x-x509-ca-cert .crt
        AddType application/x-pkcs7-crl .crl

        # initial Directives for SSL
        # enable SSLv3 but not SSLv2
        SSLProtocol all -SSLv2
        SSLPassPhraseDialog builtin
        SSLSessionCache dbm:/var/run/ssl_scache
        SSLSessionCacheTimeout 300
        SSLMutex file:/var/run/ssl_mutex
        SSLRandomSeed startup builtin
        SSLLog /var/log/httpd/ssl_engine_log
        SSLLogLevel info

        <VirtualHost _default_:443>
            SSLEngine on
            DocumentRoot "/Library/WebServer/Documents"
            ServerName MACHINE
            ServerAdmin you@yourplace.com
            ErrorLog /var/log/httpd/error_log
            TransferLog /var/log/httpd/access_log

            # '+' only moves a cipher class to the end of the list; it does not remove it
            SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
            SSLCertificateFile /Users/YOURNAME/Documents/certs/MACHINE/newcert.pem
            # passphrase-less key (per its name): file permissions are its only protection
            SSLCertificateKeyFile /Users/YOURNAME/Documents/certs/MACHINE/webserver.nopass.key
            SSLCACertificateFile /Users/YOURNAME/Documents/certs/demoCA/cacert.pem
            SSLCARevocationPath /Users/YOURNAME/Documents/certs/demoCA/crl

            <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory "/Library/WebServer/CGI-Executables">
                SSLOptions +StdEnvVars
            </Directory>

            # correction for browsers that don't always handle SSL connections well
            SetEnvIf User-Agent ".*MSIE.*" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        </VirtualHost>
    </IfModule>
Where YOURNAME is the login you put the certificates under, and MACHINE is the name of the machine directory that you put the specific certs in. It's pretty close to what he had, but there are a few differences, and they are important ones.
With this, I have https: and WebDAV over SSL for the box. Nothing horribly hard about this, but it's nice to have it all working now. Just took a little time.
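As an added example (not part of the original post or of the hint it follows), this Python script audits the protocol, cipher and key-file directives of the ssl.conf above and reports what they leave enabled. The directive sample is constructed from that file, the function names are hypothetical, and the cipher check is a token heuristic rather than OpenSSL's own cipher-string parser.

```python
import os
import re
import stat

# Constructed sample: the TLS directives from the ssl.conf above.
SAMPLE_CONF = """\
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateKeyFile /Users/YOURNAME/Documents/certs/MACHINE/webserver.nopass.key
"""

# Weak cipher classes mapped to the alias names that can exclude them.
WEAK = {"LOW": {"LOW"}, "EXP": {"EXP", "EXPORT"}, "eNULL": {"eNULL", "NULL"}}


def directives(conf):
    """Map each SSL* directive to its arguments; comment lines never match."""
    return dict(re.findall(r"^[ \t]*(SSL\w+)[ \t]+(.+?)[ \t]*$", conf, re.M))


def weak_cipher_classes(spec):
    """Heuristic (not OpenSSL's parser): a weak class is flagged when it is
    named bare or ALL is present, and no '!' token removes it for good."""
    tokens = re.split(r"[:, ]+", spec)
    banned = {t[1:] for t in tokens if t.startswith("!")}
    bare = {t for t in tokens if t and t[0] not in "!+-"}
    return [name for name, aliases in WEAK.items()
            if not aliases & banned and ("ALL" in bare or aliases & bare)]


def audit(conf):
    """Return findings for the protocol, cipher and key-file directives."""
    d, findings = directives(conf), []
    protos = d.get("SSLProtocol", "").split()
    enabled = {p.lstrip("+") for p in protos if not p.startswith("-")}
    for old in ("SSLv2", "SSLv3"):
        if "-" + old not in protos and enabled & {"all", old}:
            findings.append("SSLProtocol leaves %s enabled" % old)
    for name in weak_cipher_classes(d.get("SSLCipherSuite", "")):
        findings.append("SSLCipherSuite does not exclude %s" % name)
    key = d.get("SSLCertificateKeyFile")
    # An unencrypted key is protected only by its file permissions.
    if key and os.path.exists(key) and stat.S_IMODE(os.stat(key).st_mode) & 0o077:
        findings.append("%s is accessible to group/other" % key)
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

To check the live file, pass the contents of /etc/httpd/users/ssl.conf to audit(); the key-file check only fires when the referenced key exists on the machine running the script.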