Settings > Hosts > SSL

To encrypt traffic from Apache or Nginx to a web browser you can use SSL.

Note: SSL functionality is not available for the host “localhost”.

For a web browser to accept a host’s SSL certificate without prompting, it must be signed with a special certificate. Before creating the first own host, MAMP PRO creates such a special “MAMP PRO certificate” and stores it in the macOS keychain. With this “MAMP PRO certificate” all further SSL certificates are signed afterwards, which MAMP PRO creates.

But this only works if the web browser uses the macOS keychain, like Safari, Chrome or Brave do. Firefox and Edge on the other hand do not use the key ring. Here you have to accept the host certificate once when you access the website via https.

Since entering the “MAMP-PRO certificate” into the macOS keychain is a security-relevant action, the operating system asks for the administrator name and password of the macOS user.

The “MAMP-PRO certificate” has the name “MAMP_PRO_Root_CA” in the macOS keychain. You can view it and also delete it manually. It is automatically created and entered again by MAMP PRO if necessary.

You can check that a host uses the SSL functionality by looking at the padlock before the host name in the hosts table.

MAMP PRO - SSL

  • SSL
    Check to enable SSL. After creating or enabling your SSL certificates your sites will now use https.

  • Certificate file
    Point to your certificate file. The directory dialogue will only recognize .crt files.

  • Certificate key file
    Point to your certificate key file. The directory dialogue will only recognize .key files.

  • Advanced Options

    • Certificate chain file (Apache only)
      Point to your chain file or Alias.

    • Enforce TLS encryption, do not allow insecure methods
      Activating this option prevents web browsers from using old and insecure SSL methods when connecting to this host. Only connections using TLS 1.0, 1.1 and 1.2 are accepted, SSLv2 and SSLv3 connections are rejected. This is a recommended setting.

    • Allow to access this host via insecure http connections
      Activating this option allows web browsers to also access ALL resources of this SSL host via http protocol. This is NOT a recommended setting.

      If you only want to make PARTS of the site accessible via http (i.e. static content like images) do NOT check this option but use the or (Apache) or "location" or "server" (Nginx) directives in the appropriate tab or template file.

  • Create a new self-signed certificate…
    Use “Create a new self-signed certificate…” if you want to test SSL functionality. Your browser will not recognize this certificate, and you will have to click through warnings when viewing your site in a browser.

    MAMP PRO - SSL - Create a new self-signed certificate

    It is normal to receive a warning when using a self-signed certificate created by MAMP PRO. More information on this can be found here.