Skip to content

Instantly share code, notes, and snippets.

@adnan360
Last active September 14, 2024 14:38
Show Gist options
  • Save adnan360/ad2b1cfc44114ac6f91fbb668c76798d to your computer and use it in GitHub Desktop.
Save adnan360/ad2b1cfc44114ac6f91fbb668c76798d to your computer and use it in GitHub Desktop.
Use HTTPS on Localhost (XAMPP, Windows)

Sometimes some websites require https to work. This can be useful in those cases.

This has been tested with XAMPP (PHP 7.0.8) on Windows 7. Please see the Reference links at the end if in confusion about some step.

STEP 1: Editing Configs

Open:

C:\xampp\php\php.ini

In this ini file semi colon (;) is used to comment a line. We want to use openssl library, so we have to make sure the line for openssl is not commented.

Remove semi colon (;) in front of the line, if there is any:

extension=php_openssl.dll

Search for "date.timezone". Make this your timezone. I have chosen Europe/London as a standard. Check this page for your timezone (http://php.net/manual/en/timezones.php)

date.timezone=Europe/London

(Optional) Now uncomment this to to be able to debug:

zend_extension="C:\xampp\php\ext\php_xdebug.dll" 

Save.

Now, open: C:\xampp\apache\conf\httpd.conf

Make sure that this is uncommented (no semi colon - ;)

LoadModule rewrite_module modules/mod_rewrite.so

Make sure that you enter your username on this line

User user

For example:

User john

Save.

STEP 2: Create the Certificate

Open Command Prompt, then enter:

cd /D C:\xampp\apache

(Assuming you have installed xampp in C:\xampp\apache)

Now enter:

makecert

Now you should see this:

C:\xampp\apache>makecert
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
............................++++++
.....................................++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:

Enter in a pass phrase for decrypting your private server key, and press Enter.

It will say:

Verifying - Enter PEM pass phrase:

Enter the passphrase again, press enter. Now you will see this:

-----
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:

We have entered London in our timezone so I am choosing the 2 letter code GB (for United Kingdom). You can find yours here: http://www.worldatlas.com/aatlas/ctycodes.htm

For some fields you can just press enter to skip fields. They are not necessary for the certificate to work.

State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:

For Common Name enter localhost. It is important that this common name match the address that goes into a browser, otherwise you will get extra warnings when navigating to your secure web pages. In our case this would be localhost.

Common Name (e.g. server FQDN or YOUR name) []:

Then it will say this:

Email Address []:

You can press enter. Then:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

You can safely skip these inputs by pressing enter.

Then it will say:

Enter pass phrase for privkey.pem:

Now enter the passphrase that you chose earlier.

Now this should succeed with a message:

writing RSA key
Signature ok
subject=/C=GB/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
Getting Private key
        1 file(s) moved.
        1 file(s) moved.

-----
Das Zertifikat wurde erstellt.
The certificate was provided.

Press any key to continue . . .

You are now finished creating your SSL certificate and private key. When we ran makecert, it actually ran a makecert.bat script. The makecert.bat script will move your server private key and certificates in the appropriate directories for you.

STEP 3:

Now go to start menu, type the following and enter:

certmgr.msc

Double click "Trusted Root Certification Authorities". Right click "Certificates", choose All Tasks -> Import...

Click Next. It will ask to choose the certificate file. Click Browse and choose C:\xampp\apache\conf\ssl.crt\server.crt Click Next. Next again, then Finish.

This will bring you a message. Click Yes. Then it should say Import was successful. Click OK.

STEP 4: Restart XAMPP services

I just stopped the Apache and MySQL service from XAMPP Control Panel, and when they stopped, I just started them again.

This should now enable https on localhost.

STEP 4: Now test!

Now access https://localhost in your browser.

Reference: https://www.youtube.com/watch?v=jKVjpA1Gq6o https://jaswanttak.wordpress.com/2010/04/15/configure-ssl-on-xampp-and-windows/

@mikehains
Copy link

These are excellent steps. Very well done. Unfortunately, they did not work for me ... due to changes with Chrome.

A problem has arisen with 'Subject Alternative Name Missing'. See here: https://stackoverflow.com/questions/43665243/invalid-self-signed-ssl-cert-subject-alternative-name-missing and other notes.

A solution has been suggested here: https://community.apachefriends.org/f/viewtopic.php?t=75613&p=256430# (scroll to the bottom, ignoring the vitriol earlier on the page).

In short:

STEP 1B: Prepare for V3 Certificate

In C:\xampp\apache ... create a file named V3.ext with these contents:

subjectAltName = @alt_names
[alt_names]
DNS.1 =localhost
DNS.2 =*.your.domain
DNS.3 =your.domain
DNS.4 =127.0.0.1
DNS.5 =127.0.0.2

Then edit C:\xampp\apache\makecert.bat and change line 9 to read:

bin\openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365 -extfile v3.ext

@azzazkhan
Copy link

These steps are not working on my machine.
I used a virtual domain "www.testdomain.com" directory "C:\xampp\htdocs\virtualdomains\testdomain"
When I tried to access the site with ssl like "https://www.testdomain.com", Chrome pops error that the connection is insecure I continued with insecure connection and it loaded files from unexpected path like "C:\xampp\htdocs" rather than "C:\xampp\htdocs\virtualdomains\testdomain".
Is this a step error?
Please help me!

@nicolasflorth
Copy link

@azzazkhan This is a late response but I just had the same problem and it was fixed having in apache/conf/extra/httpd-vhost.conf for # http <VirtualHost *:80> and for # https <VirtualHost *:443>

@MarchosiasM
Copy link

@mikehains Your fix helped with one of the errors I got, but I got another error about ERR_CERT_AUTHORITY_INVALID.

It seems to be related to my cert being self-signed

@shivamkrch
Copy link

It also did not work for me

@mikehains
Copy link

mikehains commented Apr 19, 2019

Hey Hey ... back here again (new installation on a laptop). Just downloaded and installed the PHP 7.2 version (2019_04_19 ... Windows 10).

To get it to work, I also had the following extra step:

STEP 5: Change Virtual Host from 'Example'

In the XAMPP Control Panel v3.2.3 ... on the 'Apache' line click "Config" and open "httpd-ssl.conf".

Find the line <VirtualHost default:443>

Comment out the next three operating lines by adding # at the start, like so:
#DocumentRoot "C:/xampp/htdocs"
#ServerName www.example.com:443
#ServerAdmin admin@example.com

Edit these to refer to your new set up. In my case, they read
DocumentRoot "C:/xampp/htdocs/Clients"
ServerName localhost:443
ServerAdmin admin@localhost.com

Success !!

@junglized
Copy link

junglized commented Mar 27, 2020

That worked like a charm along with step 1B provided by @mikehains. Thank you! Do yoy guys know where can I find similar tutorial for wildcard sub-domains, such as mydomain.localhost or mydomain2.localhost?

EDIT

I tried *.localhost as Common Name, but it unfortunately didn't work.

EDIT2

Certificate doesn't work in Firefox 74.0.

@adnan360
Copy link
Author

Oh my! I don't use Windows for so many days. I guess I'll have to boot up a Windows machine revise this.

@ligantx
Copy link

ligantx commented May 17, 2020

So...after spending like 10-20 hours trying to fix this out i found this tutorial very good (relative tutorials can be found herehttp://robsnotebook.com/xampp-ssl-encrypt-passwords and here https://gist.github.com/nguyenanhtu/33aa7ffb6c36fdc110ea8624eeb51e69
My problem was that i wanted localhost to point to another folder (outside htdocs folder, let's say "E:\myUniqueFolder\myWebsite"), so i had a lot of errors.

DISCLAIMER: i've made many changes over time, so im not 100% sure there is another hidden step in between, but at the end i tried to delete all the edits until i find the absolute minimum

Here are my steps:

  1. followed STEP 1, 1B (in comments) from above
    In V3.ext file i put (192.168.1.x is my pc local ip):
subjectAltName = @alt_names
[alt_names]
DNS.1 =192.168.1.x
DNS.2 =*.192.168.1.x
DNS.3 =localhost
DNS.4 =127.0.0.1
DNS.5 =127.0.0.2

i used localhost as "Common Name"

continue with STEP 2,3,4 from this tutorial, test gave me denied access to my custom folder

  1. IMPORTANT STEP that fixed the issue after reading and trying ton of things:
    (modified step 5)
    add at the end of C:\xampp\apache\conf\extra\httpd-vhosts.conf
<VirtualHost *:443>
	DocumentRoot "E:\myUniqueFolder\myWebsite"
	<Directory "E:\myUniqueFolder\myWebsite">
		Options Indexes FollowSymLinks Includes ExecCGI
		AllowOverride All
		Require all granted
	</Directory>
	ErrorLog "E:\myUniqueFolder\myWebsite\error.log"
	SSLEngine on
	SSLCertificateFile "C:\xampp\apache\conf\ssl.crt\server.crt"
	SSLCertificateKeyFile "C:\xampp\apache\conf\ssl.key\server.key"
</VirtualHost>

i didnt have to change anything in httpd-ssl.conf file as STEP 5 suggested above.

  1. restart Apache and Mysql from XAMPP

  2. try "localhost" and "localhost/phpmyadmin" in your browser

UPDATE: i found it extremely difficult to make my self signed certificate work in every condition (for example when using microncontrollers)..
super easy solution: use ngrok. You can make your localhost public and secured with just one command..

@muhadafa
Copy link

Just a beginner... still trying. i will implement and get back if i have any challenge. Thank you all for the insightful help.

@muhadafa
Copy link

These are excellent steps. Very well done. Unfortunately, they did not work for me ... due to changes with Chrome.

A problem has arisen with 'Subject Alternative Name Missing'. See here: https://stackoverflow.com/questions/43665243/invalid-self-signed-ssl-cert-subject-alternative-name-missing and other notes.

A solution has been suggested here: https://community.apachefriends.org/f/viewtopic.php?t=75613&p=256430# (scroll to the bottom, ignoring the vitriol earlier on the page).

In short:

STEP 1B: Prepare for V3 Certificate

In C:\xampp\apache ... create a file named V3.ext with these contents:

subjectAltName = @alt_names
[alt_names]
DNS.1 =localhost
DNS.2 =*.your.domain
DNS.3 =your.domain
DNS.4 =127.0.0.1
DNS.5 =127.0.0.2

Then edit C:\xampp\apache\makecert.bat and change line 9 to read:

bin\openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365 -extfile v3.ext

Sometimes some websites require https to work. This can be useful in those cases.

This has been tested with XAMPP (PHP 7.0.8) on Windows 7. Please see the Reference links at the end if in confusion about some step.

STEP 1: Editing Configs
Open:

C:\xampp\php\php.ini
In this ini file semi colon (;) is used to comment a line. We want to use openssl library, so we have to make sure the line for openssl is not commented.

Remove semi colon (;) in front of the line, if there is any:

extension=php_openssl.dll
Search for "date.timezone". Make this your timezone. I have chosen Europe/London as a standard. Check this page for your timezone (http://php.net/manual/en/timezones.php)

date.timezone=Europe/London
(Optional) Now uncomment this to to be able to debug:

zend_extension="C:\xampp\php\ext\php_xdebug.dll"
Save.

Now, open: C:\xampp\apache\conf\httpd.conf

Make sure that this is uncommented (no semi colon - ;)

LoadModule rewrite_module modules/mod_rewrite.so
Make sure that you enter your username on this line

User user
For example:

User john
Save.

STEP 2: Create the Certificate
Open Command Prompt, then enter:

cd /D C:\xampp\apache
(Assuming you have installed xampp in C:\xampp\apache)

Now enter:

makecert
Now you should see this:

C:\xampp\apache>makecert
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
............................++++++
.....................................++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Enter in a pass phrase for decrypting your private server key, and press Enter.

It will say:

Verifying - Enter PEM pass phrase:
Enter the passphrase again, press enter. Now you will see this:


You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

Country Name (2 letter code) [AU]:
We have entered London in our timezone so I am choosing the 2 letter code GB (for United Kingdom). You can find yours here: http://www.worldatlas.com/aatlas/ctycodes.htm

For some fields you can just press enter to skip fields. They are not necessary for the certificate to work.

State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
For Common Name enter localhost. It is important that this common name match the address that goes into a browser, otherwise you will get extra warnings when navigating to your secure web pages. In our case this would be localhost.

Common Name (e.g. server FQDN or YOUR name) []:
Then it will say this:

Email Address []:
You can press enter. Then:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
You can safely skip these inputs by pressing enter.

Then it will say:

Enter pass phrase for privkey.pem:
Now enter the passphrase that you chose earlier.

Now this should succeed with a message:

writing RSA key
Signature ok
subject=/C=GB/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
Getting Private key
1 file(s) moved.
1 file(s) moved.


Das Zertifikat wurde erstellt.
The certificate was provided.

Press any key to continue . . .
You are now finished creating your SSL certificate and private key. When we ran makecert, it actually ran a makecert.bat script. The makecert.bat script will move your server private key and certificates in the appropriate directories for you.

STEP 3:
Now go to start menu, type the following and enter:

certmgr.msc
Double click "Trusted Root Certification Authorities". Right click "Certificates", choose All Tasks -> Import...

Click Next. It will ask to choose the certificate file. Click Browse and choose C:\xampp\apache\conf\ssl.crt\server.crt Click Next. Next again, then Finish.

This will bring you a message. Click Yes. Then it should say Import was successful. Click OK.

STEP 4: Restart XAMPP services
I just stopped the Apache and MySQL service from XAMPP Control Panel, and when they stopped, I just started them again.

This should now enable https on localhost.

STEP 4: Now test!
Now access https://localhost/ in your browser.

Reference: https://www.youtube.com/watch?v=jKVjpA1Gq6o https://jaswanttak.wordpress.com/2010/04/15/configure-ssl-on-xampp-and-windows/

@Whip
Copy link

Whip commented Feb 9, 2023

See my gist for an updated version of this guide.

https://gist.github.com/Whip/7c19d416690fc697b29715b08d53381b

@AlexandrLichi
Copy link

I get the error file not found for 3 days now and I can’t figure it out. Help me!!!

Signature ok subject=C = AU, ST = Some-State, O = my-site, OU = my-site, CN = my-site.com, emailAddress = admin@my-site.com Getting Private key Не удается найти C:\xampp\apache\.rnd Перемещено файлов: 1. Перемещено файлов: 1.

@filchev-igor
Copy link

filchev-igor commented Apr 6, 2024

All you need is just to replace localhost with 127.0.0.1 during certificate creation (line with the text Common Name (e.g. server FQDN or YOUR name) []:). Rest steps are the same according instruction. And you will have to use 127.0.0.1 all the time

Proof:
Screenshot 2024-04-06 161527

@web-apply
Copy link

web-apply commented Apr 22, 2024

Enabling HTTPS on localhost with XAMPP on Windows involves a few steps. Here's a basic guide to help you set it up:

Generate SSL Certificate:

Open a command prompt with administrative privileges.
Navigate to the apache\bin directory in your XAMPP installation directory. For example:
bash
Copy code
cd C:\xampp\apache\bin

Run the following command to generate a self-signed SSL certificate and key:
csharp
Copy code
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout localhost.key -out localhost.crt

Follow the prompts to enter the necessary information (such as country, state, etc.). You can leave most of them blank if you're just setting it up for development purposes.

Configure Apache:

Open the httpd.conf file located in the apache\conf directory of your XAMPP installation.
Find the following lines and ensure they are uncommented (remove the # at the beginning of the lines):
bash
Copy code
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf

Save the changes and close the file.

Configure Virtual Host (Optional, but recommended):

Open the httpd-vhosts.conf file located in the apache\conf\extra directory of your XAMPP installation.
Add a virtual host entry for https://localhost/xamp. For example:
csharp
Copy code
<VirtualHost *:443>
DocumentRoot "C:/xampp/htdocs"
ServerName localhost
SSLEngine on
SSLCertificateFile "C:/xampp/apache/bin/localhost.crt"
SSLCertificateKeyFile "C:/xampp/apache/bin/localhost.key"

Save the changes and close the file.

Restart Apache:

Open the XAMPP Control Panel and stop Apache if it's running.
Start Apache again to apply the changes.

Access via HTTPS:

Open your web browser and navigate to https://localhost.

You may encounter a warning about the SSL certificate being untrusted since it's self-signed. This is expected for a self-signed certificate used in a development environment. You can proceed to access your localhost over HTTPS despite the warning.

By following these steps, you should be able to enable HTTPS on localhost with XAMPP on Windows for secure local development.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment