Settings > Hosts > SSL

To encrypt traffic from Apache or Nginx to a web browser, you can use SSL.

Note: SSL functionality is not available for the localhost host.

For a web browser to accept a host’s SSL certificate without prompting, it must be signed with a special certificate. Before creating the first own host, MAMP PRO creates such a special “MAMP PRO certificate” and stores it in the MacOS keychain. This “MAMP PRO certificate” will be used to sign all future SSL certificates created by MAMP PRO.

This only works if the web browser uses the MacOS keychain, like Safari, Chrome or Brave. Firefox and Edge do not use the keychain. Here you have to accept the host certificate once when accessing the website via https.

Since adding the “MAMP-PRO certificate” to the MacOS keychain is a security-related action, the operating system will ask for the administrator name and password of the MacOS user.

The “MAMP-PRO Certificate” has the name “MAMP_PRO_Root_CA” in the macOS keychain. You can view it and also manually delete it. It is automatically created and re-entered by MAMP PRO if necessary.

You can verify that a host is using SSL functionality by looking at the padlock in front of the host name in the hosts table.


  • SSL
    Check to enable SSL. After creating or enabling your SSL certificates your sites will now use https.

    Note that this checkbox is automatically checked if you have specified a name ending in “.dev” because this is a top-level domain and the publisher has specified that for security reasons only secure connections over https are allowed, so browsers automatically redirect from http to https. More information about this top-level domain can be found at Wikipedia.

  • Certificate file
    Point to your certificate file. The directory dialogue will only recognize .crt files.

  • Certificate key file
    Point to your certificate key file. The directory dialogue will only recognize .key files.

  • Advanced Options

    • Certificate chain file (Apache only)
      Point to your chain file or Alias.

    • Enforce TLS encryption, do not allow insecure methods
      Activating this option prevents web browsers from using old and insecure SSL methods when connecting to this host. Only connections using TLS 1.0, 1.1, and 1.2 will be accepted, and SSLv2 and SSLv3 connections will be rejected. This is the recommended setting.

    • Allow access to this host over insecure http connections.
      Enabling this option will allow web browsers to access ALL resources of this SSL host via http protocol. This is NOT recommended.

      If you only want to make PARTS of the site accessible via http (i.e. static content like images), do NOT check this option, but use the or (Apache) or "location" or "server" (Nginx) directives in the appropriate tab or template file.

  • Create a new self-signed certificate….
    Use “Create a new self-signed certificate…” to test SSL functionality. Your browser will not recognize this certificate and you will have to click through warnings when viewing your site in a browser.

    MAMP PRO - SSL - Create a new self-signed certificate

    It is normal to get a warning when using a self-signed certificate created by MAMP PRO. More information can be found here.