How to Install an SSL Certificate on XAMPP

Using SSL certificates in your XAMPP server setup enhances security by encrypting data communication between your local server and the browser. This implementation provides end-to-end data security against unapproved access to confidential information. Enabling SSL in XAMPP allows you to test your website securely before deploying it to a live server.

This guide provides step-by-step instructions on how to install an SSL certificate on your local XAMPP server.

Step 1: Generate a Certificate Signing Request (CSR)
Before obtaining an SSL certificate, you need to create a CSR, which contains your server’s public key and domain information.

Using OpenSSL to Generate a CSR

1. Navigate to the Apache directory in your XAMPP installation (e.g., C:\xampp\apache).
2. Create a new directory named SSL to store your certificate files (C:\xampp\apache\ssl).
3. Open a Command Prompt as Administrator and navigate to the bin directory within Apache: cd C:\xampp\apache\bin
4. Generate the private key: openssl genrsa -out ../ssl/your_domain.key 2048

5. Generate the CSR:
   openssl req -new -key ../ssl/your_domain.key -out ../ssl/your_domain.csr

6. Follow the prompts to enter your organization’s information (Common Name should be localhost for local development).

Step 2: Obtain an SSL Certificate
Submit the CSR file (your_domain.csr) to a Certificate Authority (CA) to obtain an SSL certificate.
The CA will provide you with certificate files, usually including:

• yourdomain_com.crt (SSL Certificate)
• yourdomain_com.key (Private Key - already generated in Step 1)
• yourdomain_com.ca-bundle (Intermediate Certificate from CA)

To create a self-signed certificate for testing you should use OpenSSL.

openssl x509 -req -days 365 -in ../ssl/your_domain.csr -signkey ../ssl/your_domain.key -out ../ssl/your_domain.crt

Step 3: Configure Apache for SSL
1. Locate the Apache SSL Configuration File
You can access the SSL configuration file in two ways:
Open XAMPP Control Panel → Click Config → Select Apache (httpd-ssl.conf).
Alternatively, open File Explorer and navigate to:
C:\xampp\apache\conf\extra\httpd-ssl.conf
2. Edit the Virtual Host for Port 443
Open httpd-ssl.conf with a text editor (e.g., Notepad++) and modify the VirtualHost section:

<VirtualHost *:443>
    DocumentRoot "C:/xampp/htdocs"
    ServerName localhost
    SSLEngine on
    SSLCertificateFile "C:/xampp/apache/ssl/yourdomain_com.crt"
    SSLCertificateKeyFile "C:/xampp/apache/ssl/yourdomain_com.key"
    SSLCACertificateFile "C:/xampp/apache/ssl/yourdomain_com.ca-bundle"
</VirtualHost>

Replace yourdomain_com.crt, yourdomain_com.key, and yourdomain_com.ca-bundle with the actual filenames.

If testing locally, use localhost instead of a domain name.

3. Enable SSL Module in Apache
Open httpd.conf (C:\xampp\apache\conf\httpd.conf) and ensure these lines are uncommented (remove # if present):
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf

Step 4: Restart Apache
Open XAMPP Control Panel.
Click Stop on Apache.
Click Start on Apache again to apply changes.

Step 5: Verify the SSL Installation

1. Open a web browser.
2. Navigate to https://localhost/.
3. Check for a padlock icon displayed at the address bar.
4. Open certificate details by clicking the padlock to verify its validity.

If you want to enable HTTPS for WordPress, check out this guide.

Note: Users should know that browsers show security alerts if they use self-signed certificates. Click "Advanced" and proceed.

You have successfully installed an SSL certificate on your XAMPP server. Local development with HTTPS is now available so that you can perform secure application testing before deployment happens.