Search notes:

XAMPP: Create and use certificates

This page hopefully demonstrates how a certificate can be added to XAMPP (on Windows).

First, we need to open a PowerShell session and define a couple of variables:

$domain              = 'the-domain.tq84'
$xampp_root          = "$home/xampp"

When I tried to create the certificates, I was struggling with Invalid self signed SSL cert - "Subject Alternative Name Missing" errors thrown by Chrome.

This Stackoverflow answer explained how I could create a «correct» certificate.

First, we need an OpenSSL config file which is created by the following command:

@"
[ req ]
  default_bits       = 4096
  distinguished_name = req_distinguished_name
  req_extensions     = req_ext
  prompt             = no

[ req_distinguished_name ]
  commonName         = $domain

[ req_ext ]
  subjectAltName     = DNS:$domain
# subjectAltName     = IP:192.168.0.1

"@ | out-file -encoding ascii ssl.conf

A private key is needed:

& $xampp_root\apache\bin\openssl genrsa     -out private-key.pem

We also need a Client Server Request (CSR) …

& $xampp_root\apache\bin\openssl req   -new -key private-key.pem -out server.csr -config ssl.conf

… with which the certificate can be created:

& $xampp_root\apache\bin\openssl x509  -req -days 365 -in server.csr -signkey private-key.pem -out server.crt -extensions req_ext -extfile ssl.conf

The CSR itself is not actually needed:

rm server.csr

We copy the private key and the certificate to the apache/conf directory:

cp private-key.pem $xampp_root\apache\conf
cp server.crt      $xampp_root\apache\conf

The certificate needs also to be installed into Trusted Root Certification Authorities (here for the current user):

import-certificate -filePath server.crt -certStoreLocation cert:\currentUser\Root

It would also be possible to install it for all users on the local machine:

# import-certificate -filePath server.crt -certStoreLocation cert:\localMachine\Root

The «domain» is added %SYSTEMROOT%\System32\drivers\etc\hosts so that the web browser can resolve it to an IP address:

127.0.0.1            the-domain.tq84

Finally, the «virtual host» is added to the Apache configuration (typically in $xampp_root/apache/conf/extra/httpd-vhosts.conf):

<VirtualHost the-domain.tq84:443>
     ServerAdmin           bla@the-domain.tq84
     DocumentRoot          "C:/users/rene/XAMPP/htdocs"
     ServerName             the-domain.tq84
     ServerAlias          *.the-domain.tq84
     ErrorLog              "logs/the-domain.tq84.log" 
     CustomLog             "logs/the-domain.tq84.log" common
     SSLEngine on
     SSLCertificateFile    "conf/server.crt"
     SSLCertificateKeyFile "conf/private-key.pem"
</VirtualHost>

Index