Setting up a self-signed SSL certificate for localhost when using XAMPP on Windows

Often it is necessary to be able to test with SSL in a development environment, as sometimes things just wont work without SSL, especially now that some browsers such as Chrome are becoming more insistent on security being done properly. It therefore became necessary for me to work out how to setup a self-signed SSL certificate for localhost with my XAMPP install on Windows. I was unable to find any such instructions on the Apache Friends website, so after reading a little, I muddled through and this is what I did for my setup on Windows.

Note: I run a whole lot of WordPress instances but I use localhost to access them, ie I use say http://localhost/wordpresstest, so I don’t have virtual hosts setup to access it like http://wordpresstest.com.au. As such these instructions work for when you have your web content in the default htdocs folder and are just using localhost to access all web content.

The 6 Step Process

 

Step 1 – Editing Config


Open C:\xampp\php\php.ini

For the SSL we are going to use openssl, so we need to make sure that the openssl line is not commented out. Ie remove the semi colon (;) in front of the line

extension=openssl

Save.

Now, open: C:\xampp\apache\conf\httpd.conf

Make sure that the rewrite_module is uncommented (ie no semi colon at the start of the line). For me, it was already uncommented.

LoadModule rewrite_module modules/mod_rewrite.so

Step 2 – Prepare for V3 Certificate


In C:\xampp\apache create a file named V3.ext with the following content:

subjectAltName = @alt_names
[alt_names]
subjectAltName = @alt_names
[alt_names]
DNS.1 =localhost
DNS.2 =127.0.0.1

Then edit C:\xampp\apache\makecert.bat (open with something other than notepad.exe) and change line 9 from:

bin\openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365

to read:

bin\openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365 -extfile v3.ext

ie add -extfile v3.ext to the end of the line.

Step 3 – Create the Certificate


Open a command prompt (eg from the Windows start mennu type cmd in Windows search) then enter

cd /D C:\xampp\apache

Assuming you have installed xampp in C:\xampp\apache

Now enter:

makecert

Now you should see this:

C:\xampp\apache>makecert
Generating a RSA private key
............................++++++
.....................................++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:

Enter in a pass phrase for decrypting your private server key, and press Enter. Eg I love to code

It will say:

Verifying - Enter PEM pass phrase:

Enter the passphrase again, press enter. Now you will see this:

-----
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:

I am in Australia so I just pressed enter to use AU as the default

For some fields you can just press enter to skip the field. They are not necessary for the certificate to work.

State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:

For State, and Locality I pressed enter to use the defaults []. For Organization I chose to enter . so it would be left blank.

For Common Name enter localhost. It is important that this common name match the address that goes into a
browser, otherwise you will get extra warnings when navigating to your secure web pages. In my case this is localhost.

Common Name (e.g. server FQDN or YOUR name) []:

So enter localhost and then press enter.

Then it will say this:

Email Address []:

Enter your email address and press enter.
Then:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

You can safely skip these inputs by pressing enter.

Then it will say:

Enter pass phrase for privkey.pem:
Enter the passphrase that you chose earlier ie I love to code or whatever you entered.

This should succeed with a message:

writing RSA key
Signature ok
subject= C = AU, ST = Some-State, CN=localhost, emailAddress = youremail@yourdomain.com.au
Getting Private key
1 file(s) moved.
1 file(s) moved.


-----
Das Zertifikat wurde erstellt.
The certificate was provided.

Press any key to continue . . .

You are now finished creating your SSL certificate and private key. When we ran makecert, it actually ran a
makecert.bat script. The makecert.bat script will move your server private key and certificates in the
appropriate directories for you.
Eg C:\xampp\apache\conf\ssl.crt\server.crt
and C:\xampp\apache\conf\ssl.key\server.key

Step 4 – Install the Certificate


Go to start menu, type the following and press enter:

certmgr.msc

Double click “Trusted Root Certification Authorities”. Right click “Certificates”, choose All Tasks ->
Import…

Certificate Manager

certificate import wizard

Click Next.

It will ask you to choose the certificate file. Click Browse and choose C:\xampp\apache\conf\ssl.crt
\server.crt

certificate import wizard - cert file step 1

Click Next.

certificate import wizard - step 2 next
Next again,

certificate import wizard - step 3 finish
then Finish.

This will bring you a message. Click Yes.

certificate import wizard - step 4 security warning
Then it should say Import was successful.

certificate import wizard - step 5 successful
Click OK.

Step 5 – Restart XAMPP Services


From the XAMPP Control Panel, click stop if and then once they are stopped, click start again.

This should enable https on localhost.

Step 6 – Test and Fix Firefox


Access https://localhost in your browser.

I found that it worked first time for Chrome, IE11, Safari 5.1.7 and Edge Version 87.0.664.66 but for Firefox you get a warning message about a potential security threat, due to the fact localhost is using a self-signed certificate.

localhost uses an invalid security certificate.

The certificate is not trusted because it is self-signed.

Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

Firefox warning potential security risk

The way I found to fix this was to add a certificate exception in the Firefox settings:

Click on  Tools menu then Options
Click on Privacy & Security
scroll down to Certificates (almost at the bottom)

View Certificates in Firefox

click on “View Certificates” button

Firefox certificate manager
on the “Servers” tab click “Add Exception” button

Firefox certificate manager - add exception
enter https://localhost and click “Get Certificate”

Firefox certificate manager - add exception warning

You get a warning message then, click “Confirm Security Exception”

After adding the certificate exception for localhost, it should now look something like this.

Firefox certificate manager after adding

When you now try to access https://localhost you will still see a warning over the padlock but it now works.

Firefox warning

 

Related Reading

As reference I used “Use HTTPS on Localhost (XAMPP, Windows).”

Leave a Reply

Your email address will not be published. Required fields are marked *