Creating and Installing a Certificate on XAMPP
Certificates can be used to encrypt any data that is sent between web browsers and servers. This helps ensure that the data remains secure (and cannot be intercepted as it moves between the two).
When developing sites locally (on your own computer), you want to ensure that the environment is as close as possible to that of the web server, and installing a certificate will help mirror web servers that use them.
To obtain a certificate for a website, you go to a Certificate Authority. When working locally, you need to create the certificate yourself, then tell Apache how to use it.
This page will describe how to:
- Create a certificate
- Configure XAMPP so Apache can use it
Creating the Certificate
The first step is creating the certificate that the server can use. Navigate to the folder where XAMPP was installed, and look inside the
apache folder. Typically the path to this folder is:
In that folder, you should see a file called
Double click on the
makecert.bat file and a command line window will open up asking you some questions.
The first question is for a password for your certificate's key. They call it a PEM pass phrase. You must remember this because you will be asked it again before finishing the process.
Then it asks for your your:
- Country name (two letter code)
- State or province (full name)
- Locality name (e.g. city)
- Organization name (e.g. company)
- Server name (common name - this is usually
- Email address
It may ask for a challenge password (typically, these are used by Certificate Authorities if they need to confirm your identity) and will then ask the passphrase you set as the first entry.
When you have completed this, it will have added two files to the
Configuring Apache to Use the Certificate
Next, you have to configure Apache to use the new certificate that you just created.
Open Windows Explorer and go to the following directory:
Then find the file called
httpd-vshosts.conf and open it in your favourite code editor.
Add the entry shown on the right, making sure that the path to your
htdocs folder is correct.
Then restart Apache using the XAMPP Control Panel.
<VirtualHost *:443> DocumentRoot "C:/xampp/htdocs" ServerName localhost SSLEngine on SSLCertificateFile "conf/ssl.crt/server.crt" SSLCertificateKeyFile "conf/ssl.key/server.key" ErrorLog "logs/localhost-error.log" CustomLog "logs/localhost-access.log" combined <Directory "C:/xampp/htdocs"> Require all granted </Directory> </VirtualHost>
Now, you should be able to use
https://localhost/ to request files using SSL locally.
Because you created the certificate youself, and the browser cannot verify it with a Certificate Authority, the browser will probably warn you that the site is not secure.
You will need to tell it that you are happy to continue to localhost (in most browsers, this requires clicking on an option for advanced settings).
You can then proceed to use the site with the SSL installed.
If you were using a port number in your URL, you may need to update this to 443, rather than 80.