GithubDiscordSponsor

[Windows] SSL/HTTPS Certificate with XAMPP

1 - v3.ext:

  • Create a file v3.ext in C:/xampp/apache/ and paste the following content:

v3.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
IP = 127.0.0.1

2 - makecert.bat:

  • Edit makecert.bat in C:/xampp/apache/ following the example below:

makecert.bat
@echo off
set OPENSSL_CONF=./conf/openssl.cnf

if not exist .\conf\ssl.crt mkdir .\conf\ssl.crt
if not exist .\conf\ssl.key mkdir .\conf\ssl.key

bin\openssl req -new -out server.csr
bin\openssl rsa -in privkey.pem -out server.key
bin\openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 500 -sha256 -extfile v3.ext

set OPENSSL_CONF=
del .rnd
del privkey.pem
del server.csr

move /y server.crt .\conf\ssl.crt
move /y server.key .\conf\ssl.key

echo.
echo -----
echo The certificate was provided.
echo.
pause

3 - Create the Certificate:

  • Execute the makecert.bat.

  • A window with several questions will appear on the screen which you will need to answer:

Creating the Certificate
Generating a RSA private key
……………………………………………..+++++
……………………………………………………………………………+++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:CREATE A PASSWORD

Verifying - Enter PEM pass phrase:Re-enter the PASSWORD

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,

If you enter '.', the field will be left blank.

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Estate
Locality Name (eg, city) []:City 
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Name
Organizational Unit Name (eg, section) []: 
Common Name (e.g. server FQDN or YOUR name) []:Name
Email Address []:email@example.com 

Please enter the following 'extra' attributes 
to be sent with your certificate request 
A challenge password []: 
An optional company name []: 
Enter pass phrase for privkey.pem: Re-enter the PASSWORD
writing RSA key 
Signature ok 
subject=C = US, ST = Estate, L = City, O = WebiG, CN = localhost, emailAddress = email@example.com
Getting Private key 
Não foi possível encontrar C:\xampp\apache\.rnd 
    1 arquivo(s) movido(s). 
    1 arquivo(s) movido(s). 

-----
The certificate was provided. 

Press any key to continue. . .

  • With the Certificate created, you need to restart Apache so that it can execute the new certificates.

4 - Install the Certificate:

  • Go to C:\xampp\apache\conf\ssl.crt and open server.crt;

  • Click in the button Install Certificate;

  • Select Actual User;

  • Select “Place all certificates in the following repository” and click “Browse”.

  • In the new window that opens, select “Trusted Root Certification Authorities” and click “Ok” and then click “Next” and finally “Finish”.

  • To conclude, restart Apache in the XAMPP Administrative Panel, that is, stop and start it again.

  • If everything worked, when updating https://localhost or https://127.0.0.1 in the browser, the lock should be activated and the page loaded.

5 - Changing Apache and SSL VirtualHost Port:

  • To change Apache Port to 8080, go to C:\xampp\apache\conf\ and edit httpd.conf:

  • Find for:

  • Listen 80

  • Change to:

  • Listen 8080

  • To change the SSL VirtualHost Port to 8080, go to C:\xampp\apache\conf\extra and edit httpd-ssl.conf:

  • Comment this VirtualHost:

#<VirtualHost _default_:443>

  • Add this VirtualHost below:

<VirtualHost *:443 *:8080>

  • Then the SSL/HTTPS will work with Port 8080.

  • Restart Apache in the XAMPP Administrative Panel.

6 - Credits:

  • WEBIG

  • Majesty (Apache and SSL VirtualHost Port)

Last updated