In the recent days I’ve been dabbing more and more into the php and web application world. The reason was that I wanted to create a web application that the helpdesk or Jr Sysamins can use without necessarily giving them full blown permissions to the infrastructure. Some examples of this would be automating the new hire onboarding process, deploying a server in VMware or even generating a LAPS password. The benefits (or topic) of this is not really in scope of the article but I did want to document the process to use and setup SSL Certificates on XAMPP.
I wanted to setup a quick and dirty site on my localhost and found that xampp was the perfect solution for my Windows 10 machine. However, when it came to test the security I realized that it had not been secured with a proper certificate so I was unable to use HTTPS. The code that I was testing required https so I was off to my Google-venture.
Setup SSL Certificates on XAMPP
As we can see here I’ve setup my local xampp server and after piecing together a couple of articles, I finally got it working.
I should mention that the certificate I am using is not a self signed cert, but rather an actual Public SSL certificate from Let’s Encrypt. If you want to know how I did that, please check out my article on how to Create Free Lets Encrypt SSL Certificates Using Powershell. This article goes in depth and even has a video walkthrough if you prefer that method.
Now that we got that covered, let’s take this step by step on how to setup SSL certificates on Xampp. Assuming you installed Xampp in the default directory of C:\xampp here’s how to do it.
- Navigate to c:\xampp\apache and create a ‘cert’ folder
- Copy the cert.cer and the cert.key that we got from Let’s Encrypt
- Paste those 2 files in to this directory
Next, since I want to eventually access the web application from other browsers I am going to setup a DNS HOST A record. This will allow any computer in the domain to access the URL and have it point to our instance. Since I am running this at the domain level, I am using Domain Admin privileges.
- While logged into a domain controller, open DNS Management
- Expand the root of the domain namespace you want to use
- In my case I’m using tool.thesysadminchannel.com so I’m using thesysadminchannel.com namespace
- Right click and create New Host (A or AAAA) record
- Enter the URL you would like to have
- Enter the IPaddress of the server you want to point it back to (In this case our local xampp server)
Now that we have the certificate placed in the correct directory and we’ve setup our Host A record to be able to access the URL from any location in our network. It’s time to modify the apache config file to use this cert.
- Navigate to C:\xampp\apache\conf\extra\httpd-vhosts.conf and open with your editor of choice
- Enter in the following config to create a new https virtual host
<VirtualHost *:443> ServerAdmin [email protected] DocumentRoot "C:/xampp/htdocs" ServerName tool.thesysadminchannel.com ErrorLog "logs/tool.log" CustomLog "logs/tool-access.log" common SSLEngine on SSLCertificateFile "C:/xampp/apache/cert/cert.cer" SSLCertificateKeyFile "C:/xampp/apache/cert/cert.key" </VirtualHost>
On the above be sure to take note of the following things.
- VirtualHost *:443 – This creates the port over 443 which is what SSL uses
- The servername is the URL you plan on using. In my case i’m using tool.thesysadminchannel.com so this is what I have configured here and my DNS records
- SSL Engine is turned on
- The SSL Certificate File and the SSL Certificate Key File are set to the path we created
- The paths have forward slashes and not backslashes
Once you have that, we should be all done as far as the process on how to setup SSL Certificates on XAMPP server. Check it out and let me know if you run into any snags with your setup.