Until now, I never used HTTPS for local development domains. Now I had to use it for a project, and here is how to get it working on XAMPP with virtual hosts.
Update from May 31, 2018: Before the update, I described the creation of an SSL certificate as the first necessary step before setting up the virtual host. But your browser will display a warning regardless if there is a self-created cert or not, so I removed this part. You need to add your local site as an exception to not get the warning every time.
Update from June 1, 2018: Seems that you need the cert file, otherwise apache will not start, so I added this part back to the post.
Two steps are necessary for the solution:
- Creating an SSL certificate.
- Set up the virtual host.
The requirement is (of course) XAMPP.
Creating an SSL certificate
A good tutorial about creating a cert is on robsnotebook.com. It is from 2007, but works. To create a certificate, you can follow these steps on the command line:
- Go to the Apache directory
- Enter a PEM passphrase and the other information you are asked for. For Common Name, you should enter the domain you want to use for the virtual host, so the certificate is signed for that domain.
- After processing all steps, you maybe want to import the cert into your browser (it lives under
C:/xampp/apache/conf/ssl.crt/server.crt). Nevertheless, you will get a warning about insecure self-signed certificate after loading your website – you need to add it as an exception.
Set up virtual host with HTTPS
Entry in the Windows hosts file
To let Windows know, for example, that the domain
florianbrinkmann.dev should point to the IP address
127.0.0.1 (localhost), we have to insert an entry in the Windows
hosts file. The file can be found in
C:\Windows\System32\drivers\etc. To edit it, you need admin privileges (search for the editor in Windows, right-click on it and choose Run as administrator).
At the end of the
hosts file, add an entry with the following pattern:
You have to replace the domain with your own development domain. Afterwards, you can save and close the file.
Creating the Virtual Host in Apache
The virtual hosts in Apache can be found in the
C:\xampp\apache\conf\extra\httpd-vhosts.conf file. Open the file and insert an entry according to the following pattern (an answer from stackoverflow.com was very helpful – the related question also, it brought me to the article on SSL certificate setup):
<VirtualHost florianbrinkmann.dev:80> DocumentRoot "C:\xampp\htdocs\florianbrinkmann.dev" ServerName florianbrinkmann.dev <Directory "C:\xampp\htdocs\florianbrinkmann.dev"> Order allow,deny Allow from all </Directory> </VirtualHost> <VirtualHost florianbrinkmann.dev:443> DocumentRoot "C:\xampp\htdocs\florianbrinkmann.dev" ServerName florianbrinkmann.dev SSLEngine On SSLCertificateFile "C:/xampp/apache/conf/ssl.crt/server.crt" SSLCertificateKeyFile "C:/xampp/apache/conf/ssl.key/server.key" <Directory "C:\xampp\htdocs\florianbrinkmann.dev"> Order allow,deny Allow from all </Directory> </VirtualHost>
Here you have to adjust the settings for
Directory, and the domain in the
VirtualHost element. The first
VirtualHost is for HTTP connections, the second for HTTPS connections.
Maybe you have to uncomment the following line in the
LoadModule ssl_module modules/mod_ssl.so
Now you can restart Apache and open your site with HTTPS (including browser warning…).