How to enable HTTPS for WAMP Server.

WampHTTPS.md

After you've downloaded and installed WAMP Server, follow these steps:

1. Generate SSL certificate using OpenSSL:

• Add C:\wamp64\bin\apache\apache2.4.27\bin directory to the PATH so you can access openssl command from the command prompt (WAMP comes with its own version of OpenSSL already integrated, so you don't need to install it. You'll find it in this directory.).

  IMPORTANT: Please note that the path of your installation depends on your version of Apache! DO NOT copy and paste the paths presented in this gist as they will not match with yours!

• Navigate to your user directory (C:\Users\%YOUR_USERNAME%\), create a new folder (.openssl), navigate to it with Powershell and run these commands:

  openssl genrsa -aes256 -out private.key 2048
  openssl rsa -in private.key -out private.key
  openssl req -new -x509 -nodes -sha1 -key private.key -out certificate.crt -days 36500 -config c:\wamp64\bin\apache\apache2.4.27\conf\openssl.cnf
  

• You can pretty much answer the questions any way you want though real answers are best. The one question that really matters here is the FQDN. It should be: localhost.

2. Copy the generated private.key and certificate.crt files from C:\Users\%YOUR_USERNAME%\.openssl to the C:\wamp64\bin\apache\apache2.4.27\conf\key\ folder. If the key folder doesn't already exist, create it.

3. Using a text editor, open C:\wamp64\bin\apache\apache2.4.27\conf\httpd.conf and un-comment following 3 lines:

   LoadModule ssl_module modules/mod_ssl.so
   Include conf/extra/httpd-ssl.conf
   LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
   

4. Now open C:\wamp64\bin\apache\apache2.4.27\conf\extra\httpd-ssl.conf and apply the following changes below the <VirtualHost _default_:443> line. Check the following parameters to ensure they are configured correctly and not commented:

   DocumentRoot "c:/wamp64/www"
   ServerName localhost:443
   ServerAdmin admin@example.com
   SSLSessionCache "shmcb:${SRVROOT}/logs/ssl_scache(512000)"
   ErrorLog "${SRVROOT}/logs/error.log"
   TransferLog "${SRVROOT}/logs/access.log"
   SSLCertificateFile "${SRVROOT}/conf/key/certificate.crt"
   SSLCertificateKeyFile "${SRVROOT}/conf/key/private.key"
   

5. You can add your virtual hosts in the same file (C:\wamp64\bin\apache\apache2.4.27\conf\extra\httpd-ssl.conf) by adding the following configuration below the closing </VirtualHost>, for each virtual host:

   <VirtualHost _default_:443>
    
   DocumentRoot "d:/dev/example"
   ServerName example.com:443
   ServerAlias example.org
   ServerAdmin admin@example.com
   ErrorLog "${SRVROOT}/logs/error.log"
   TransferLog "${SRVROOT}/logs/access.log"
   
   SSLEngine on
   SSLCertificateFile "${SRVROOT}/conf/key/certificate.crt"
   SSLCertificateKeyFile "${SRVROOT}/conf/key/private.key"
   
   <FilesMatch "\.(cgi|shtml|phtml|php)$">
       SSLOptions +StdEnvVars
   </FilesMatch>
   
   <Directory "d:/dev/example">
       SSLOptions +StdEnvVars
       Options +Indexes +Includes +FollowSymLinks +MultiViews
       Require all granted
       AllowOverride All
   </Directory>
   
   BrowserMatch "MSIE [2-5]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
   
   CustomLog "${SRVROOT}/logs/ssl_request.log" \
             "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
   
   </VirtualHost>
   

6. You're done! Now, to check the validity of the file, type httpd -t in your command prompt. It will show you if there's any syntax errors. If eveything is fine, restart your WAMP Server and go to https://localhost or https://example.com or whatever virtual hosts you may have.

Please note that you'll get a warning in the browser saying that the certificate is not valid! This is perfectly normal, as the certificate is self-signed. Just add an exception for it and save it in your browser.

Please also note that you can't use valid SSL certificates generated with Let's Encrypt or other free SSL service, because you need to own the domain name that you're trying to validate. These instructions are for localhost development only, we don't need valid certificates for that.

If this was useful, you can buy me a coffee here. Thank you!

Thank you very much! This was most helpful as I was unable to test webpages on localhost using wamp with the latest apache (2.4.46) and the latest browser versions. The browsers appear to be mapping localhost to https://localhost unconditionally, thereby denying access without an SSL certificate.

The only glitch I had was that the 'SSLSessionCache "shmcb:...' line for the httpd-ssl.conf file was flagged as a syntax error by httpd, saying that shmcb wasn't supported. Your recipe worked just fine without this line.

@middevonian Glad this was useful to you! About the SSLSessionCache, this might be due to different version or OS. However, you should stop using WAMP, it's outdated and no longer maintained. You should try XAMP, or better, Docker, instead.

Thanks a lot for your tutorial which is very clear and helpful.
I have just one question about the content of the https-vhosts.conf where I have previously enter the virtual host with wamp menu (<VirtualHost *:80> ServerName .... ). Does It used yet ? or can I delete it because the virtualhost created in httpd-ssl.conf is only required ?

@philgris I'm not sure about that. I believe WAMP will crash if you remove that file. It might be required for non-SSL URLs to work. I use both SSL and non-SSL on my localhost, so I just leave it there.

@philgris I'm not sure about that. I believe WAMP will crash if you remove that file. It might be required for non-SSL URLs to work. I use both SSL and non-SSL on my localhost, so I just leave it there.

Thanks. in doubt I follow your use even if probably http it doesn't used anymore if all url are https. Have a good day. Philippe

Thanks. in doubt I follow your use even if probably http it doesn't used anymore if all url are https. Have a good day. Philippe

If you don't develop React, Vue or Angular sites on localhost, then you probably don't need it. This is why I still keep it. Have a good day as well!

There is another variation for the steps : installing ssl correctly on Wamp

@danieldogeanu I'm having an issue with accessing the page from other devices in the same network. The Required all granted doesn't seem to work for https in my case. Any ideas?

@danieldogeanu I'm having an issue with accessing the page from other devices in the same network. The Required all granted doesn't seem to work for https in my case. Any ideas?

Virtual hosts are available ONLY on localhost! You can't use them in your local network, unless you setup a local DNS server! I don't recommend you doing this! And also, custom domain names MUST be registered legally with a registrar (like Godaddy for example)! I use virtual hosts only to differentiate between multiple local projects, which would otherwise be confusing to work with. You can still reach the server in your network by entering the machine's IP instead of the domain.

@danieldogeanu That's exactly what I'm trying to do. http://MachinesIpAddress works and is reachable by other devices on the same network but https://MachinesIpAddress is not.

@danieldogeanu That's exactly what I'm trying to do. http://MachinesIpAddress works and is reachable by other devices on the same network but https://MachinesIpAddress is not.

It might be that the firewall blocks port 443 or maybe WAMP doesn't listen on port 443 for external requests. I have no idea how you would solve this.

Yes tweaking firewall settings fixed the problem for me.

Yes tweaking firewall settings fixed the problem for me.

Ah, good! I'm glad that you fixed it! 😊

Thanks that helped! :)

Hi dear
after am config done but it's message when am access to link "Your connection is not private" NET::ERR_CERT_AUTHORITY_INVALID.
it is need me to "Proceed to https://mydomain.com (unsafe)".
do have any solution.
thanks,

@vuthysin5284 It's normal to get that warning, the certificate is self-signed! Meaning, it's not signed by a Certification Authority (CA), it tells you in the error code. Since you generated the certificate, you know it's safe, so click on Proceed to https://mydomain.com (unsafe). You'll always get that error for self-signed certificates, and you must save the certificate in your browser! It will always show with yellow exclamation mark.

You can't use something like Let's Encrypt to get free certificates, because you're developing on localhost, and that's not a real domain! You have to own the domain name, and actually set up a server in order to use Let's Encrypt.

Great post. Works like a charm!
It's probalby self explaining, but maybe you should mention that the apache path depends on the version. With an up-to-date default WAMP installation its C:\wamp64\bin\apache\apache2.4.51 and not C:\wamp64\bin\apache\apache2.4.27. Simple copy&paste of your commands will not work than :)

@niklasdahlheimer I thought that was obvious, but yeah, good point! I'll add a note! Glad you made it work!

Dear Daniel
when i run the openssl command in C:\Users\soren.openssl I get this: 'openssl' is not recognized as an internal or external command,
operable program or batch file.
running the commands from C:\wamp64\bin\apache\apache2.4.58\bin then i can run the commands, and when i run the command:
openssl req -new -x509 -nodes -sha1 -key private.key -out certificate.crt -days 36500 -config c:\wamp64\bin\apache\apache2.4.27\conf\openssl.cnf
I get this error:
Error making certificate request
981A0000:error:04000067:object identifier routines:OBJ_txt2obj:unknown object name:crypto\objects\obj_dat.c:418:
981A0000:error:05800077:x509 certificate routines:X509_NAME_ENTRY_create_by_txt:invalid field name:crypto\x509\x509name.c:252:name=countryName_default

@sdj72 You have to add openssl to the path. It's literally the first step! Read the instructions carefully!