Applies to:

Zend Server 8 and up
Mac OS X 10.10


This recipe have the basics of enabling the default template of HTTPS which comes with Zend Server. It also refers to self-signed certificates for testing and development if you need such.


Note about missing certificate:

By default, Zend Server included Apache does not have the SSL certificate files in place. HTTP SSL conf expects to find them in /usr/local/zend/apache2/conf/ and if they are missing, you will get this error when starting Apache:
SSLCertificateFile: file '/usr/local/zend/apache2/conf/server.crt' does not exist or is empty

See below how to create self-signed certificates in the above path if needed.

To enable SSL vhost (don't skip step 3):

1. edit/usr/local/zend/apache2/conf/httpd.conf
2. find and uncomment (remove the leading #) the following line:

#Include conf/extra/httpd-ssl.conf

3. edit /usr/local/zend/apache2/conf/extra/httpd-ssl.conf to suit your SSL needs - see notes below
4. restart Apache using /usr/local/zend/bin/ restart-apache

5. Load https://<hostname> in your browser to test (if the port is 443, otherwise add :<port> to the URL)


Note about Port: If you have port 443 already taken, change the port in '', on all places it appears (search and replace is good here).

Note about SSL vhost in general: You better go over the configuration in /usr/local/zend/apache2/conf/extra/httpd-ssl.conf to verify the site name (_DEFAULT_ by default), ServerName and ServerAdmin are correct, before saving and restarting Apache. Make SURE the VirtualHost directive has NO Hostname, like this:
<VirtualHost *:443>

Note about certificates: if you DO NOT use the default path '/usr/local/zend/apache2/conf/' for placing 'server.crt' and 'server.key', change the appropriate configuration to load SSLCertificateFile, SSLCertificateKeyFile and if used, SSLCertificateChainFile from the correct location.

Self-Signed test certificates

To create a self-signed certificate on Mac, using the Mac openssl, you can run this command and follow-up with some information to the prompts. Once finished collecting certificate information, the key and crt files will be created, and you need to restart Apache to use the SSL vhost.

$ sudo /usr/bin/openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /usr/local/zend/apache2/conf/server.key -out /usr/local/zend/apache2/conf/server.crt
  • No labels