Often it is necessary to be able to test with SSL in a development environment, as sometimes things just wont work without SSL, especially now that some browsers such as Chrome are becoming more insistent on security being done properly. It therefore became necessary for me to work out how to setup a self-signed SSL certificate for localhost with my XAMPP install on Windows. I was unable to find any such instructions on the Apache Friends website, so after reading a little, I muddled through and this is what I did for my setup on Windows.
Note: I run a whole lot of WordPress instances but I use localhost to access them, ie I use say
http://localhost/wordpresstest, so I don’t have virtual hosts setup to access it like
http://wordpresstest.com.au. As such these instructions work for when you have your web content in the default htdocs folder and are just using localhost to access all web content.
The 6 Step Process
- Step 1 – Editing Config
- Step 2 – Prepare for V3 Certificate
- Step 3 – Create the Certificate
- Step 4 – Install the Certificate
- Step 5 – Restart XAMPP Services
- Step 6 – Test and Fix Firefox
Step 1 – Editing Config
For the SSL we are going to use openssl, so we need to make sure that the openssl line is not commented out. Ie remove the semi colon (;) in front of the line
Make sure that the rewrite_module is uncommented (ie no semi colon at the start of the line). For me, it was already uncommented.
Step 2 – Prepare for V3 Certificate
C:\xampp\apache create a file named V3.ext with the following content:
subjectAltName = @alt_names
subjectAltName = @alt_names
C:\xampp\apache\makecert.bat (open with something other than notepad.exe) and change line 9 from:
bin\openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
bin\openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365 -extfile v3.ext
Step 3 – Create the Certificate
Open a command prompt (eg from the Windows start mennu type cmd in Windows search) then enter
cd /D C:\xampp\apache
Assuming you have installed xampp in
Now you should see this:
Generating a RSA private key
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Enter in a pass phrase for decrypting your private server key, and press Enter. Eg I love to code
It will say:
Verifying - Enter PEM pass phrase:
Enter the passphrase again, press enter. Now you will see this:
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:
I am in Australia so I just pressed enter to use AU as the default
For some fields you can just press enter to skip the field. They are not necessary for the certificate to work.
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) :
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) :
For State, and Locality I pressed enter to use the defaults . For Organization I chose to enter
. so it would be left blank.
For Common Name enter localhost. It is important that this common name match the address that goes into a
browser, otherwise you will get extra warnings when navigating to your secure web pages. In my case this is localhost.
Common Name (e.g. server FQDN or YOUR name) :
So enter localhost and then press enter.
Then it will say this:
Email Address :
Enter your email address and press enter.
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :
You can safely skip these inputs by pressing enter.
Then it will say:
Enter pass phrase for privkey.pem:
Enter the passphrase that you chose earlier ie
I love to code or whatever you entered.
This should succeed with a message:
writing RSA key
subject= C = AU, ST = Some-State, CN=localhost, emailAddress = firstname.lastname@example.org
Getting Private key
1 file(s) moved.
1 file(s) moved.
Das Zertifikat wurde erstellt.
The certificate was provided.
Press any key to continue . . .
You are now finished creating your SSL certificate and private key. When we ran makecert, it actually ran a
makecert.bat script. The makecert.bat script will move your server private key and certificates in the
appropriate directories for you.
Step 4 – Install the Certificate
Go to start menu, type the following and press enter:
Double click “Trusted Root Certification Authorities”. Right click “Certificates”, choose All Tasks ->
It will ask you to choose the certificate file. Click Browse and choose
This will bring you a message. Click Yes.
Step 5 – Restart XAMPP Services
From the XAMPP Control Panel, click stop if and then once they are stopped, click start again.
Step 6 – Test and Fix Firefox
https://localhost in your browser.
I found that it worked first time for Chrome, IE11, Safari 5.1.7 and Edge Version 87.0.664.66 but for Firefox you get a warning message about a potential security threat, due to the fact localhost is using a self-signed certificate.
localhost uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
The way I found to fix this was to add a certificate exception in the Firefox settings:
Click on Tools menu then Options
Click on Privacy & Security
scroll down to Certificates (almost at the bottom)
click on “View Certificates” button
You get a warning message then, click “Confirm Security Exception”
After adding the certificate exception for localhost, it should now look something like this.
When you now try to access
https://localhost you will still see a warning over the padlock but it now works.
As reference I used “Use HTTPS on Localhost (XAMPP, Windows).”