SSL certificate on Windows with XAMPP

If you have arrived here it is because you have installed the XAMPP Web server for Windows, you have run it and the browser has sent you an error message.

Since I also use XAMPP, I decided to write this tutorial, since, for various reasons, I forgot how I had managed to get the SSL certificate to work on Windows.

There are multiple examples on the internet of how to do it, all of them so varied and even contradictory, many of which I tried and they didn’t work, a fact that annoyed me.

The first thing we should know is that once installed, XAMPP comes with a certificate with an expired date and with version 1 and even if we update it, it will not work since the date will change and the version will not.

For the purposes of this example I assume that the XAMPP server is already installed and running and in my example the server will be called localhost so I can call it in the web browser with the following URL: https://localhost/

We start:

1.    Create an SSL certificate in XAMPP

1.1 We create the V3.ext file

If we use the version of the default file that XAMPP comes with to create SSL certificates, they will be created in version 1 and if we install it on our server, it will give us an error that “the connection is not private” because the certificate is invalid.

Therefore, in order to have an operational SSL certificate on an SSL web server on Windows with It is 365 days.

Keep in mind that the V3.ext file will be read by the makecert.bat file located in the same folder at the time of creating the SSL certificate.

In the path: C:\xampp\apache, we create a text file with the name V3.ext, pay attention to its extension, which must be “ext” and with the text editor we add the following content:

subjectAltName = @alt_names
[alt_names]
DNS.1 =localhost
DNS.2 =*.your.domain
DNS.3 =your.domain
DNS.4 =127.0.0.1
DNS.5 =127.0.0.2

You should consider that DNS names should vary depending on the specific need. After that we recorded.

1.2 We edit the makecert.bat file

It is advisable to save a copy of the makecert.bat file to preserve the original version, before proceeding with its modification.

In this case, we are going to make two modifications to the original file that comes with XAMPP, so that the expiration period is greater than 365 days and that it can also read the file previously created with the name V3.ext.

In the path C:\xampp\apache, with the text editor, we open the makecert.bat file and go to line 9 whose text is: «bin\openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365» and replace it with the following:

«bin\openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 1460 -extfile v3.ext».  We save the file.

1.3 We execute the makecert.bat file

Before running the makecert.bat file, it is advisable to enter the C:\xampp\apache\conf\ssl.crt and C:\xampp\apache\conf\ssl.key folders and rename the server.crt and server files. key, since otherwise these will be rewritten.

When you run the makecert.bat file, a window will appear and it will ask you for some information that you will need to record to generate the SSL certificate.

Next, you are shown the data that is mandatory and the data that is optional. In the latter case, if you do not want to add data, just use the enter key to go to the next record.

  • Password: Required. At startup you will be prompted twice to verify that they are identical.
  • Country name: Required. Consider using your country’s extension in all caps and two letters.
  • State or province name: Optional.
  • Name of the town: Optional.
  • Organization name: Optional.
  • Organizational unit name: Optional.
  • Hostname: Required. “localhost” in the case of the example or the name that your local host will assign.
  • Email address: Optional.
  • A challenge password: Optional.
  • An optional company name: Optional.

Then, in the C:\xampp\apache folder, we run the makecert.bat file. To do this, right click with the mouse, run as administrator.

Complete the information and upon completing the execution of the makecert.bat file, you will be asked again for the password registered at the beginning of the procedure.

Finally, if everything was executed correctly, you will receive the following message:

writing RSA keySignature ok
subject=C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost
Getting Private key

They have moved         1 file.
They have moved         1 files.
-----

Das Zertifikat wurde erstellt.
The certificate was provided.

Press a key to continue . . .

In the C:\xampp\apache\conf\ssl.crt folder there will be a server.crt file containing all the information that you have registered in the procedure; while, in the C:\xampp\apache\conf\ssl.key folder the server.key file will be located containing the security keys of the created SSL certificate.

Now, we are ready to install the created SSL certificate in Windows.

2.  We install the SSL certificate in Windows

By entering the C:\xampp\apache\conf\ssl.crt\ folder you will find a file called server.crt, right click on it and choose the “install certificate” option.

A screen will appear with two options, we choose “local computer” and click “Next”.

Another window appears regarding security, we accept it. Next, the certificate import wizard window appears, we choose the option “place all certificates in the following store”, we click on “browse”, a window appears with several images of folders, we choose the second one that says “Entities of trusted root certification”, then click “Next” and then “finish”.

With this, the SSL certificate for our local server in Windows 10 or Windows 11 is now installed.

5/5 - 5 votes

Discover more from Politikaperu

Subscribe to get the latest posts sent to your email.

Discover more from Politikaperu

Subscribe now to keep reading and get access to the full archive.

Continue reading