Create SSL Certificate and install in Xampp
HTTPS, it’s a secure HTTP protocol. With the web becoming part of a day to day life people expect almost all application and services should be web enabled and it will happen soon. As huge transactions are done on the web we need some kind of security that will prevent data theft, data sniffing. Secure HTTP plays a very crucial role in protecting the web. Below we will see how we can get SSL Certificate for Xampp.
When we develop any web base application it is always better to provide support for https. Generally it happens that we develop our application with HTTP protocol in mind and when security comes in app may fail to act as expected. So add SSL certificate in the development phase itself.
There might be the case that you won’t be able to buy the SSL certificate in development phase, in this scenario its always advised to generate and install Self Signed SSL Certificate and later when you decide to move to production you can buy an authentic certificate from companies like VeriSign Inc.
Here we will see how we can generate SSL certificate using Open SSL and install it on Xampp server for Windows.
If while running any of below commands you get any error regarding openssl.cnf then set the correct file with below command
|
1 |
set OPENSSL_CONF=c:/softwares/openssl-0.9.8h-1-bin/share/openssl.cnf |
1. Generate a Private Key
Command: openssl genrsa -des3 -out server.key 1024
Screen:
|
1 2 3 4 5 6 7 8 |
C:\certs>openssl genrsa -des3 -out server.key 1024 Loading 'screen' into random state - done Generating RSA private key, 1024 bit long modulus ........................................................++++++ ...............++++++ e is 65537 (0x10001) Enter pass phrase for server.key: Verifying - Enter pass phrase for server.key: |
2. Generate Certificate Signing Request
Command: openssl req -new -key server.key -out server.csr
Screen:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
C:\certs>openssl req -new -key server.key -out server.csr Enter pass phrase for server.key: Loading 'screen' into random state - done You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:IN State or Province Name (full name) [Some-State]:ST Locality Name (eg, city) []:PU Organization Name (eg, company) [Internet Widgits Pty Ltd]:OC Organizational Unit Name (eg, section) []:BL Common Name (eg, YOUR name) []:opencodez Email Address []:admin@opencodez.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: |
Here the command might need a config parameter. This is not required but its needed when openssl couldnt find the configration file.
3. Sign the Certificate
Command: openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Screen:
|
1 2 3 4 5 6 |
C:\certs>openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt Loading 'screen' into random state - done Signature ok subject=/C=IN/ST=ST/L=PU/O=OC/OU=BL/CN=opencodez/emailAddress=admin@opencodez.com Getting Private key Enter pass phrase for server.key: |
3. Install and Configure the Certificate
After this, you will have server.key and server.crt files that you need to copy to some directory that can be easily accessed by apache. Copy both files to say crypt directory and configure the SSL Conf for website or app. Following shows the basic SSL configuration.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
DocumentRoot "path/to/ssltest.com" ServerName ssltest.com ServerAlias www.ssltest.com ServerAdmin you@ssltest.com SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW :+SSLv2:+EXP:+eNULL SSLCertificateFile "path/to/server.crt" SSLCertificateKeyFile "path/to/server.key" <filesmatch ".(cgi|shtml|phtml|php|php5|php4|php3?)$"=""> SSLOptions +StdEnvVars <directory "path="" to="" cgi-bin"=""> SSLOptions +StdEnvVars SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 |
4. Restart the apache server and access the application/site with HTTPS.
Conclusion
In this article, we have seen how you can get self-signed SSL Certificate for Xampp and use it for your local application testing.
Thanks! Good article
on xampp no need to do this, just go to apache folder, and look for the bat file makecert, this bat file will generate key and crt. generated files will be found inside the conf folder.
In XAMPP 1.7.7 Windows, Apache won’t start unless you remove the passphrase from server.key after the server.crt is created and signed.
A very easy solution! Great post!
Thanks very much.
It is very helpful.
this article is good.
i hope you can post how to create a root CA that can be used to sign server and client certificates that can be used as test certificates for localhost in windows xp using xampp 1.7.1 release.
thanks in advance.
rodel
thx very much,..
ur article is d’best