Creating and Installing a Certificate on XAMPP

(For MAMP click here)

Certificates can be used to encrypt any data that is sent between web browsers and servers. This helps ensure that the data remains secure (and cannot be intercepted as it moves between the two).

When developing sites locally (on your own computer), you want to ensure that the environment is as close as possible to that of the web server, and installing a certificate will help mirror web servers that use them.

To obtain a certificate for a website, you go to a Certificate Authority. When working locally, you need to create the certificate yourself, then tell Apache how to use it.

This page will describe how to:

  • Create a certificate
  • Configure XAMPP so Apache can use it

Creating the Certificate

The first step is creating the certificate that the server can use. Navigate to the folder where XAMPP was installed, and look inside the apache folder. Typically the path to this folder is:


In that folder, you should see a file called makecert.bat.

Screen shot Windows Explorer open to the C:/xampp/apache folder with a file called makecert.bat highlighted.

Double click on the makecert.bat file and a command line window will open up asking you some questions.

The first question is for a password for your certificate's key. They call it a PEM pass phrase. You must remember this because you will be asked it again before finishing the process.

Then it asks for your your:

  • Country name (two letter code)
  • State or province (full name)
  • Locality name (e.g. city)
  • Organization name (e.g. company)
  • Server name (common name - this is usually localhost)
  • Email address

It may ask for a challenge password (typically, these are used by Certificate Authorities if they need to confirm your identity) and will then ask the passphrase you set as the first entry.

When you have completed this, it will have added two files to the apache folder:

  • C:\xampp\apache\conf\ssl.crt
  • C:\xampp\apache\conf\ssl.key
Screen shot of the command line asking questions regarding the certificate.

Configuring Apache to Use the Certificate

Next, you have to configure Apache to use the new certificate that you just created.

Open Windows Explorer and go to the following directory:


Then find the file called httpd-vshosts.conf and open it in your favourite code editor.

Add the entry shown on the right, making sure that the path to your htdocs folder is correct.

Then restart Apache using the XAMPP Control Panel.

<VirtualHost *:443>
    DocumentRoot "C:/xampp/htdocs"
    ServerName localhost
    SSLEngine on
    SSLCertificateFile "conf/ssl.crt/server.crt"
    SSLCertificateKeyFile "conf/ssl.key/server.key"
    ErrorLog "logs/localhost-error.log"
    CustomLog "logs/localhost-access.log" combined
    <Directory "C:/xampp/htdocs">
        Require all granted    

Now, you should be able to use https://localhost/ to request files using SSL locally.

Because you created the certificate youself, and the browser cannot verify it with a Certificate Authority, the browser will probably warn you that the site is not secure.

You will need to tell it that you are happy to continue to localhost (in most browsers, this requires clicking on an option for advanced settings).

You can then proceed to use the site with the SSL installed.

If you were using a port number in your URL, you may need to update this to 443, rather than 80.