HTTPS with virtual hosts on XAMPP

Until now, I never used HTTPS for local development domains. Now I had to use it for a project, and here is how to get it working on XAMPP with virtual hosts.

Update from May 31, 2018: Before the update, I described the creation of an SSL certificate as the first necessary step before setting up the virtual host. But your browser will display a warning regardless if there is a self-created cert or not, so I removed this part. You need to add your local site as an exception to not get the warning every time.

Update from June 1, 2018: Seems that you need the cert file, otherwise apache will not start, so I added this part back to the post.

Two steps are necessary for the solution:

  1. Creating an SSL certificate.
  2. Set up the virtual host.

The requirement is (of course) XAMPP.

Creating an SSL certificate

A good tutorial about creating a cert is on robsnotebook.com. It is from 2007, but works. To create a certificate, you can follow these steps on the command line:

  1. Go to the Apache directory C:\xampp\apache.
  2. Run makecert.
  3. Enter a PEM passphrase and the other information you are asked for. For Common Name, you should enter the domain you want to use for the virtual host, so the certificate is signed for that domain.
  4. After processing all steps, you maybe want to import the cert into your browser (it lives under C:/xampp/apache/conf/ssl.crt/server.crt). Nevertheless, you will get a warning about insecure self-signed certificate after loading your website – you need to add it as an exception.

Set up virtual host with HTTPS

Entry in the Windows hosts file

To let Windows know, for example, that the domain florianbrinkmann.test should point to the IP address 127.0.0.1 (localhost), we have to insert an entry in the Windows hosts file. The file can be found in C:\Windows\System32\drivers\etc. To edit it, you need admin privileges (search for the editor in Windows, right-click on it and choose Run as administrator).

At the end of the hosts file, add an entry with the following pattern:

127.0.0.1 florianbrinkmann.test
Code language: CSS (css)

You have to replace the domain with your own development domain. Afterwards, you can save and close the file.

Creating the Virtual Host in Apache

The virtual hosts in Apache can be found in the C:\xampp\apache\conf\extra\httpd-vhosts.conf file. Open the file and insert an entry according to the following pattern (an answer from stackoverflow.com was very helpful – the related question also, it brought me to the article on SSL certificate setup):

<VirtualHost florianbrinkmann.test:80> DocumentRoot "C:\xampp\htdocs\florianbrinkmann.test" ServerName florianbrinkmann.test <Directory "C:\xampp\htdocs\florianbrinkmann.test"> Order allow,deny Allow from all </Directory> </VirtualHost> <VirtualHost florianbrinkmann.test:443> DocumentRoot "C:\xampp\htdocs\florianbrinkmann.test" ServerName florianbrinkmann.test SSLEngine On SSLCertificateFile "C:/xampp/apache/conf/ssl.crt/server.crt" SSLCertificateKeyFile "C:/xampp/apache/conf/ssl.key/server.key" <Directory "C:\xampp\htdocs\florianbrinkmann.test"> Order allow,deny Allow from all </Directory> </VirtualHost>
Code language: HTML, XML (xml)

Here you have to adjust the settings for DocumentRoot, ServerName, Directory, and the domain in the VirtualHost element. The first VirtualHost is for HTTP connections, the second for HTTPS connections.

Maybe you have to uncomment the following line in the C:\xampp\apache\conf\httpd.conf:

LoadModule ssl_module modules/mod_ssl.so

Now you can restart Apache and open your site with HTTPS (including browser warning…).

23 reactions on »HTTPS with virtual hosts on XAMPP«

    1. Hi Azamat,

      you can add your site as an exception, so that the browser does not check if the cert is from a trusted authority (how to do that exactly depends on the browser. In Firefox and Chrome, there is a button at the bottom of the warning, where you can add the site as an exception).

      Best,
      Florian

    1. Hi Mike,

      sorry for the late reply, your comment was marked as spam…
      No, you do not need to create a cert per host. In the meantime I think you do not need to create a cert at all. Even if there is no cert, you can set an exception for the browser warning and use the local site via https.

      Best,
      Florian

  1. Dear Sir,

    If I am using XAMPP is it possible to run 2 virtual hosts on port 443. If yes, can you kindly advise on how to configure xampp.

  2. hi ,
    I followed all the steps but its not working for me . my website is built using joomla .
    Error: "HTTPS has not been enabled as it is not available on this server. HTTPS connection test failed with the following error: HTTPS version of the site returned an invalid HTTP status code."

    can you please help . Thank you .

    1. Hi Tashi,

      it seems that SSL is not installed. Have you checked if the SSL module is loaded (at the end of my article is a paragraph on that)? Maybe that helps, otherwise I am not sure what could cause that error, sorry.

      Best,
      Florian

  3. Thank you Florian. It's very easy and fast process to add SSL certificate on xampp. Thank you again, it is very useful for me.

    1. Thank you so much! I was doing a php course and just could not access the .dev domain, it kept showing some cert error. Once again thank you!!

Leave a Reply

Your email address will not be published. Required fields are marked *