HTTPS with virtual hosts on XAMPP

Until now, I never used HTTPS for local development domains. Now I had to use it for a project, and here is how to get it working on XAMPP with virtual hosts.

Two steps are necessary for the solution:

  1. Creating an SSL certificate.
  2. Set up the virtual host.

The requirement is (of course) XAMPP.

Creating an SSL certificate

A good tutorial about creating a cert is on robsnotebook.com. It is from 2007, but works. To create a certificate, you can follow these steps on the command line:

  1. Go to the Apache directory C:\xampp\apache.
  2. Run makecert.
  3. Enter a PEM passphrase and the other information you are asked for. For Common Name, you should enter the domain you want to use for the virtual host, so the certificate is signed for that domain.
  4. After processing all steps, you maybe want to import the cert into your browser (it lives under C:/xampp/apache/conf/ssl.crt/server.crt). Nevertheless, you will get a warning about insecure self-signed certificate after loading your website – you need to add it as an exception.

Set up virtual host with HTTPS

Entry in the Windows hosts file

To let Windows know, for example, that the domain florianbrinkmann.dev should point to the IP address 127.0.0.1 (localhost), we have to insert an entry in the Windows hosts file. The file can be found in C:\Windows\System32\drivers\etc. To edit it, you need admin privileges (search for the editor in Windows, right-click on it and choose Run as administrator).

At the end of the hosts file, add an entry with the following pattern:

127.0.0.1 florianbrinkmann.dev

You have to replace the domain with your own development domain. Afterwards, you can save and close the file.

Creating the Virtual Host in Apache

The virtual hosts in Apache can be found in the C:\xampp\apache\conf\extra\httpd-vhosts.conf file. Open the file and insert an entry according to the following pattern (an answer from stackoverflow.com was very helpful – the related question also, it brought me to the article on SSL certificate setup):

<VirtualHost florianbrinkmann.dev:80>
	DocumentRoot "C:\xampp\htdocs\florianbrinkmann.dev"
	ServerName florianbrinkmann.dev
	<Directory "C:\xampp\htdocs\florianbrinkmann.dev">
	Order allow,deny
	Allow from all
	</Directory>
</VirtualHost>

<VirtualHost florianbrinkmann.dev:443>
	DocumentRoot "C:\xampp\htdocs\florianbrinkmann.dev"
	ServerName florianbrinkmann.dev
	SSLEngine On
	SSLCertificateFile "C:/xampp/apache/conf/ssl.crt/server.crt"
	SSLCertificateKeyFile "C:/xampp/apache/conf/ssl.key/server.key"
	<Directory "C:\xampp\htdocs\florianbrinkmann.dev">
	Order allow,deny
	Allow from all
	</Directory>
</VirtualHost>

Here you have to adjust the settings for DocumentRoot, ServerName, Directory, and the domain in the VirtualHost element. The first VirtualHost is for HTTP connections, the second for HTTPS connections.

Maybe you have to uncomment the following line in the C:\xampp\apache\conf\httpd.conf:

LoadModule ssl_module modules/mod_ssl.so

Now you can restart Apache and open your site with HTTPS (including browser warning…).

Related posts

Leave a Comment

Your email address will not be published. Required fields are marked *