Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Guide to configure SSL in XAMPP for Windows

How to test 'https' in XAMPP for localhost ? I will guide you

Menu

  • Create certificate
  • Config Apache to access https instead of http
  • Config mod rewrite to generate SSL url
  • Config Virtual host to test site

Step 1 : Create certificate

  • Go to your XAMPP installation directory (in my case it’s E:\xampp), figure out apache folder. In this, find & run batch file named makecert.bat

    Step 1 image

  • A CMD window will appear like that, this is where you setup your certificate to verify your website. All you need is only typing all information that ‘s very easy, except one information “Common Name”, at this you must be typed exactly your URL website. For example in localhost, I will use a Virtual host URL (I will configure it later)

    Step 1.2 image

Step 2 : Config Apache to access https instead of http

  • Now this is time for you to config Apache to access folders with “https” instead of “http”. First, we will force ssl when access folders by add this directive “SSLRequireSSL” in this config file (e:\xampp\apache\conf\extra\httpd-xampp.conf)

    Step 4 image

  • Open this and add line that I talked above in all list folders below :

    • e:\xampp\phpmyadmin
    • e:\xampp\htdocs\xampp
    • e:\xampp\webalizer
    • e:\xampp\security\htdocs
  • Another config file that also need directive SSLRequireSSL located in e:\xampp\webdav.

Step 3: Config mod_rewrite to generate SSL url

  • This next optional step is to redirect “http” requests to “https” requests for the pages we want to secure. This is more user friendly and allows you to still use http when you type in the address (and automatically switch to https:// and encryption). If you don’t do this, and you used SSLRequireSSL, you will only be able to access these pages by typing https://. This is fine and probably a little bit more secure, but is not so user friendly. To accomplish the redirection, we will use mod_rewrite so that we don’t have to use the server name in this part of the config file. This helps keep small the number of places in the config files where the server name is written (making your config files more maintainable).

  • First, we need to make sure that mod_rewrite is enabled. To do this, edit E:\xampp\apache\conf\httpd.conf and get rid of the comment (# character) in this line : #LoadModule rewrite_module modules/mod_rewrite.so Make it look like this : LoadModule rewrite_module modules/mod_rewrite.so

    Step 5 image

  • Now paste all this text to the config file at address E:\xampp\apache\conf\extra\httpd-xampp.conf(That is rewrite URL, if not, you can't access your site via SSL):

    <IfModule mod_rewrite.c>
        RewriteEngine On
    
        # Redirect /xampp folder to https
        RewriteCond %{HTTPS} !=on
        RewriteCond %{REQUEST_URI} xampp
        RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
    
        # Redirect /phpMyAdmin folder to https
        RewriteCond %{HTTPS} !=on
        RewriteCond %{REQUEST_URI} phpmyadmin
        RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
    
        # Redirect /security folder to https
        RewriteCond %{HTTPS} !=on
        RewriteCond %{REQUEST_URI} security
        RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
    
        # Redirect /webalizer folder to https
        RewriteCond %{HTTPS} !=on
        RewriteCond %{REQUEST_URI} webalizer
        RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
    
        # Redirect /folder_name folder to https
        RewriteCond %{HTTPS} !=on
        RewriteCond %{REQUEST_URI} folder_name
        RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
    
    </IfModule>
    

Step 4 : Config Virtual host to test site

It’s time to config a virtual host to make a better URL to access our project. So, let’s go to file at address : E\xampp\apache\conf\extra\httpd-vhosts.conf Create new virtual config as following sample :

  • VirtualHost *:443 : This is port to run SSL

  • DocumentRoot : Point to your project folder

  • SSLEngine on : Turn on SSL

  • SSLCertificateFile : Just copy, don’t modified it because in step create certificate, XAMPP will auto put your certificate in appropriate folder.

  • SSLCertificateKeyFile : Same as SSLCertificateFile.

    After all, if you configure everything correctly, it will show you result like this :

    Last image

@tucq88

This comment has been minimized.

Copy link

@tucq88 tucq88 commented Nov 22, 2016

Great stuff

@acv-hoanx

This comment has been minimized.

Copy link

@acv-hoanx acv-hoanx commented Apr 25, 2017

Thanks!

@fstalla

This comment has been minimized.

Copy link

@fstalla fstalla commented May 15, 2017

Sorry, I can't make any sense of what you're trying to say in Step 2.

@afroguy16

This comment has been minimized.

Copy link

@afroguy16 afroguy16 commented Jun 24, 2017

Same here

@muzafarali

This comment has been minimized.

Copy link

@muzafarali muzafarali commented Sep 6, 2017

what is in Step 2 ?

@thdoan

This comment has been minimized.

Copy link

@thdoan thdoan commented Sep 28, 2017

For those unclear about step 2, see https://stackoverflow.com/questions/20730778/how-to-enable-ssl-only-on-specified-xampp-directories

Add SSLRequireSSL in each <Directory ...> tag for the directories listed.

@zaguiini

This comment has been minimized.

Copy link

@zaguiini zaguiini commented Oct 3, 2017

I don't get it.

@milliephanillie

This comment has been minimized.

Copy link

@milliephanillie milliephanillie commented Oct 20, 2017

where is the file location of the crt file you created? in step 1?

@AlecZine

This comment has been minimized.

Copy link

@AlecZine AlecZine commented Oct 23, 2017

@mephilip C:\xampp\apache\conf ssl.key / ssl.crt

@Miguelslo27

This comment has been minimized.

Copy link

@Miguelslo27 Miguelslo27 commented Dec 15, 2017

Very poor tutorial, you need to, at least, show how the file should look like after the settings you are talking about are added in each step.

Any way, a very starting point to go through.
Thanks.

@waheed1987

This comment has been minimized.

Copy link

@waheed1987 waheed1987 commented Dec 23, 2017

Dear Miguelslo27,
Do you know any better (and of course working) tutorial?
I am still unable to make my virtual host https based

@modeone1

This comment has been minimized.

Copy link

@modeone1 modeone1 commented Feb 6, 2018

I will be up front. I'm a newbie, a neophyte, the boss fired our web guy and now I do this against my will and better judgement. I am making headway and now just need to figure out how to redirect http to https. I actually think this tutorial is onto something....can someone - anyone - for the love of god - please tell me what this person is trying to say in step 2?

@Muhammadsufyan1

This comment has been minimized.

Copy link

@Muhammadsufyan1 Muhammadsufyan1 commented Mar 14, 2018

i got it the certificate is applied but the insecure visible
sni

@danthom88

This comment has been minimized.

Copy link

@danthom88 danthom88 commented Mar 25, 2018

Thanks for bricking my xampp with your terrible tutorial.

Especially love the last part 'Just copy, don’t modified it because in step create certificate, XAMPP will auto put your certificate in appropriate folder.'

Copy what? A bullet list? I reversed everything and it's still bricked. Don't use this crap guide.

@binodpal

This comment has been minimized.

Copy link

@binodpal binodpal commented Apr 20, 2018

Please tell me.... how i complete step 2 ?

@ghost

This comment has been minimized.

Copy link

@ghost ghost commented Apr 26, 2018

I would add these lines on virtualhost:

    SSLCertificateFile "conf/ssl.crt/server.crt"
    SSLCertificateKeyFile "conf/ssl.key/server.key"
@anthonyattard

This comment has been minimized.

Copy link

@anthonyattard anthonyattard commented May 2, 2018

Did not work for me.

@songangel72

This comment has been minimized.

Copy link

@songangel72 songangel72 commented May 9, 2018

Even after clarification in some of the comments, this does not work. Both Chrome and Firefox will not allow viewing of the pages locally stating that the connection is not private. I am not sure how to set this up for my dev environment without a "real" cert.

@lusareal

This comment has been minimized.

Copy link

@lusareal lusareal commented May 10, 2018

Nguyenanhtu... thanks for you time and tutorial but... please, make a fresh install of xampp and try to realize all your steps of your guide and you will see what is wrong and why ppl is so angry... Probably you have an old one and its work fine but not with new xampp installs.

Or probably something is missing to add to thus guide.

@azzazkhan

This comment has been minimized.

Copy link

@azzazkhan azzazkhan commented May 22, 2018

What a terrible guide, you should've made visual reference for adding derivatives I've done all the steps but my server crashed. You should've explained everything in more details.

@Dibort

This comment has been minimized.

Copy link

@Dibort Dibort commented Jun 18, 2018

Sad this is on the firsts results of google

@ScottyCompton

This comment has been minimized.

Copy link

@ScottyCompton ScottyCompton commented Jul 19, 2018

Dude! This tutorial BLOWS!! I'm a career web designer and I can't understand what you're talking about. You need to either take the time to clean up this mess so you don't cause any more mayhem, or you need to take this offline.

@ghazniali95

This comment has been minimized.

Copy link

@ghazniali95 ghazniali95 commented Sep 7, 2018

Wasted my time!

@t-k-c

This comment has been minimized.

Copy link

@t-k-c t-k-c commented Oct 12, 2018

I can't believe this. I dont understand anything from the second step. Its so poorly explained

@metalsadman

This comment has been minimized.

Copy link

@metalsadman metalsadman commented Oct 15, 2018

I believe this is the original post that this guy got it from. http://robsnotebook.com/xampp-ssl-encrypt-passwords

@samvschantz

This comment has been minimized.

Copy link

@samvschantz samvschantz commented Jan 7, 2019

Some help for Step 2:

In the file apache\conf\extra\httpd-xampp.conf there are multiple Directory configs. They start with the tag <Directory "pathname"> and ending with . Below are the pathnames for the configs that need to be edited from this file:

  • e:\xampp\phpmyadmin
  • e:\xampp\htdocs\xampp
  • e:\xampp\webalizer

To edit simply add:

SSLRequireSSL

before the closing tag:

@ayandyan

This comment has been minimized.

Copy link

@ayandyan ayandyan commented Feb 13, 2019

This actually worked for me. Just putting down notes below that might help:

Step 1: FYI - The generated .crt & .key will be stored in C:\xampp\apache\conf\ssl.crt and C:\xampp\apache\conf\ssl.key folders respectively. No need to move them, but you will need to tell your httpd-vhosts.conf file where they are (Step 4).

Step 2: My httpd-xampp.conf results:

<Directory "C:/xampp/htdocs/xampp">
    <IfModule php7_module>
    	<Files "status.php">
    		php_admin_flag safe_mode off
    	</Files>
    </IfModule>
    AllowOverride AuthConfig
    SSLRequireSSL
</Directory>
Alias /phpmyadmin "C:/xampp/phpMyAdmin/"
<Directory "C:/xampp/phpMyAdmin">
        AllowOverride AuthConfig
        Require local
        ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
        SSLRequireSSL
</Directory>
Alias /webalizer "C:/xampp/webalizer/"
<Directory "C:/xampp/webalizer">
    <IfModule php7_module>
        <Files "webalizer.php">
            php_admin_flag safe_mode off
        </Files>
    </IfModule>
    AllowOverride AuthConfig
    Require local
    ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
    SSLRequireSSL
</Directory>

Step 3: I didn't do as I didn't need/want the force redirects.

Step 4: My httpd-vhosts.conf results:

<virtualhost *:443>
    ServerAdmin webmaster@awesomesite.localhost.com
    DocumentRoot "C:/xampp/htdocs/awesomesite/" 
    ServerName awesomesite.localhost.com
    ServerAlias www.awesomesite.localhost.com 
    ErrorLog "logs/awesomesite.localhost.com-error.log" 
    CustomLog "logs/awesomesite.localhost.com-access.log" common

    SSLEngine on
    SSLCertificateFile "conf/ssl.crt/server.crt"
    SSLCertificateKeyFile "conf/ssl.key/server.key"
</virtualhost>

Note that chrome will indicate that the URL is Note Secure. This is normal for a non-verified cert.

@tntmeijs

This comment has been minimized.

Copy link

@tntmeijs tntmeijs commented Mar 7, 2019

@ayandyan Thank you kindly. This configuration works great! :D

Your instructions were clear and concise. Thanks a lot, your comment has saved me a lot of time.

@ghost

This comment has been minimized.

Copy link

@ghost ghost commented Mar 12, 2019

Great work, but it's poorly explained..!

@waheed1987

This comment has been minimized.

Copy link

@waheed1987 waheed1987 commented Apr 16, 2019

This site worked for me, nothing else, maybe I am dumb, but this site is very simple

https://ssl.indexnl.com/

@DavidWalley

This comment has been minimized.

Copy link

@DavidWalley DavidWalley commented Apr 17, 2019

@ayandyan - How about writing another tutorial on this subject? You seem to have done half of the work already and yours is the simplest explanation by far. Giving examples - what a breakthrough :-) Many thanks.

@Darkonnen

This comment has been minimized.

Copy link

@Darkonnen Darkonnen commented Aug 15, 2019

@DavidWalley Here is the original document the thread starter copied: http://robsnotebook.com/xampp-ssl-encrypt-passwords

This posters command of English is clearly not the best. You can tell because alot is left open to interpretation. I don't understand why they went about butching the original documentation for brevity as this creates issues for anyone trying to follow it to the letter.

@GitKat

This comment has been minimized.

Copy link

@GitKat GitKat commented Nov 26, 2019

Can we vote to delete this so called "Guide to HTTPS" .
You are guiding us in air. youre flying.

@tcasaldan

This comment has been minimized.

Copy link

@tcasaldan tcasaldan commented Dec 4, 2019

Great article! I'm searching the internet just to find an article that would be very helpful and interesting. This article helps me a lot for my lesson and discussion and I recommend it to the students of the Top universities in the Philippines.

@gpashis

This comment has been minimized.

Copy link

@gpashis gpashis commented Feb 4, 2020

@ayandyan Thank you. Your simple explanation works fine.

@bArraxas

This comment has been minimized.

Copy link

@bArraxas bArraxas commented Mar 25, 2020

I have some problem with this tutorial :

  1. myVirtualHost is unknowed.
    -> edit "hosts" file in "C:\Windows\System32\drivers\etc"
    -> add this line : "127.0.0.1 myVirtualHost" and save
    -> no need to restart anything just refresh the page in browser
    -> Why isn't it described in tutorial ?

  2. The https://myVirtualHost doesn't work properly. Apache show me the "C:/xampp/htdocs/index.php" at place of my "C:/xampp/htdocs/myApplication/public"
    Here my VirtualHost declaration :
    <VirtualHost *:433>
    ServerName myVirtualHost
    DocumentRoot "C:/xampp/htdocs/myApplication/public"
    ErrorLog "logs/myApplication-error.log"
    CustomLog "logs/myApplication-access.log" common
    SSLEngine on
    SSLCertificateFile "C:/xampp/apache/conf/ssl.crt/server.crt"
    SSLCertificateKeyFile "C:/xampp/apache/conf/ssl.key/server.key"
    </VirtualHost>

I have find an awfull fix :
-> open file "C:/xampp/apache/conf/extra/httpd-ssl.conf"
->edit line 124 (before : DocumentRoot "C:/xampp/htdocs") (after : DocumentRoot "C:/xampp/htdocs/myApplication/public")

But i'm interesting if someone can explain why apache ignore my virtualhost declaration ;)

@avmalexisl

This comment has been minimized.

Copy link

@avmalexisl avmalexisl commented May 14, 2020

Without going deep I can note that your secure port is wrong <VirtualHost *:433>, it should be <VirtualHost *:443>, but I'm sure you already not this.
Hope it helps @bArraxas
By the way i couldn't make it through this tutorial neither.

@ligantx

This comment has been minimized.

Copy link

@ligantx ligantx commented May 17, 2020

after followed this tutorial and tried a ton of things, i found another tutorial to work better (especially with certificate issues), i also had to add my website folder which is outside of xampp folder, so i had to add more things..
for more details click here

@Willard44

This comment has been minimized.

Copy link

@Willard44 Willard44 commented Jun 19, 2020

Hi, I managed to follow the instructions until Step 4, this was unclear to me how to write the code so the comments above (bArraxas and others!) helped. But now I get "Warning: mysqli_real_connect(): (HY000/2002): php_network_getaddresses: getaddrinfo failed: No such host is known. in C:\xampp\htdocs\whweb\wp-includes\wp-db.php on line 1626" which I don't understand:
image

wp-db.php shows:
image
so I continued to the articles linked by ligantx and Darkonnen. Great investigation!

@soljohnston777

This comment has been minimized.

Copy link

@soljohnston777 soljohnston777 commented Jun 20, 2020

More direct tutorial below, still looking for an even better one!
https://gist.github.com/adnan360/ad2b1cfc44114ac6f91fbb668c76798d

@ImanEmadi

This comment has been minimized.

Copy link

@ImanEmadi ImanEmadi commented Oct 8, 2020

worst tutorial ever

@ligantx

This comment has been minimized.

Copy link

@ligantx ligantx commented Oct 8, 2020

worst tutorial ever

I'll tell you a secret.. make a better one :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.