Skip to content

How to Set Up an SSL Certificate in Localhost for XAMPP

How to Set Up an SSL certificate in localhost for XAMPP

In this tutorial, we will be looking at how to set up a self-signed SSL certificate on localhost using XAMPP, Apache, and OpenSSL.

⚠️ Warning

Because we're going to use a self-signed certificate, it's not recommended to use it in a Production environment.
It's meant to be used only in your local development environment.

By the end of the article:

  • you will know what is the difference between Ports 80 and 443
  • you will have a working self-signed SSL certificate on a specific custom domain within your localhost
  • you will get familiar with some Apache configurations
  • you will learn a bit about OpenSSL
  • and last but not least, I hope you will enjoy the tutorial 💜


In order to follow this tutorial, you’ll need to have a functional XAMPP environment, of course.

You’ll also need a custom domain set up through VirtualHost.

So if you don’t have it set up, make sure to go through this tutorial first. You’ll be ready to go in a couple of minutes.

For the purpose of this article, I use Laravel but feel free to use whatever framework or project suits you best.

You can even use a plain HTML page as long as you can reach the website through Apache.

Let’s get started!

Ports 80 and 443 — What’s the difference?

Let’s start XAMPP and turn on Apache.

Once it starts, you can notice two Ports: 80 and 443.

Port 80 is used for HTTP by default.

Port 443 is used for HTTPS.

If you go to a website that doesn’t have an SSL/TLS certificate, the request will go through HTTP, which means Port 80 is used and the connection is not secured.

Unsecured HTTP website using Port 80

It’s good to keep in mind that Port 80 is used to access an unsecured website, while Port 443 is used for secure connections.

We’ll use this information a bit later in the tutorial when we configure Apache.

Let’s move on to creating the SSL certificate.

🎥 Prefer a video guide instead? Check this out:


Create the SSL Certificate

We’ll now create a self-signed certificate using OpenSSL.

As mentioned above, this certificate should only be used on your local machine.

Luckily, XAMPP comes with a batch script which simplifies the creation of the certificate.

Go to the xampp\apache folder and open the file makecert.bat with your favorite code editor.

💡Good to know

You can scroll down a bit more and copy-paste makecert.bat and v3.ext ready-to-go code.

In addition to many other things, the script sets the validity period of the certificate to 365 days. You can modify this value as you wish.

bin\openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 1825

We can set it to 1825, which means roughly 5 years.

Now, the more interesting part:

Because the script is quite old, it lacks some configurations that we need.

To resolve this, we’ll need to pass a new argument -extfile v3.ext to the same command mentioned above.

bin\openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 1825 -extfile v3.ext

We don’t have this file yet, so let’s go ahead and create it in the same xampp/apache folder.

The v3.ext file should have the following configurations:

Replace with your own domain.

And here’s the makecert.bat contents:

Now is the time to run the makecert.bat file.

You now have to go through the configuration wizard.

🚨 The information you introduce there can be dummy, but “Common Name (e.g server FQDN or YOUR name) []:” 🚨

This is basically asking for the actual name of the website, which in my case is

⚠️ Warning

If you insert a value that doesn't match your domain, the SSL certificate will not work!

makecert.bat file configuration wizard

Great! Now let’s install the certificate.

Install the SSL certificate

Go to xampp/apache/conf/ssl.crt folder and open the server.crt file.

In the first step click the Install Certificate… button.

SSL certificate wizard installation

Then choose the Local Machine option.

SSL certificate wizard Local Machine option

Then choose Place all certificates in the following store.

SSL certificate place certificate in store

Then click the Browse… button and select Trusted Root Certification Authorities from the Select Certificate Store window.

SSL certificate Trusted Root Certification Authorities

Click OK, then Next.

Press Finish and the installation is complete.

Configure Apache

Now that we installed the certificate, let’s tell Apache how to use it.

Go to xampp/apache/conf folder and open the httpd.conf file with your favorite code editor.

Search for the following lines and make sure they are uncommented (commented lines have a # in front of them: # I’m a commented line):

LoadModule ssl_module modules/

Include conf/extra/httpd-ssl.conf

Next, let’s go to xampp/apache/conf/extra and open the httpd-vhosts.conf file.

Now it’s good to recall what I mentioned at the beginning of the tutorial about ports 80 and 443 because we have to create another VirtualHost that uses port 443.

We enable the SSLEngine, and specify the location of the SSLCertificateFile and SSLCertificateKeyFile.

All good, let’s restart Apache and then go to your

The site now has the 🔒 in front of the URL which means the connection is now secured and it has a valid SSL certificate.

XAMPP local domain connection secure with SSL encryption

This is what the certificate looks like from the browser.

XAMPP local domain secured with SSL encryption neutrondev

Bear in mind, that sometimes the browsers might show that the connection is not secured and that the certificate is invalid.

You can try accessing the website through Incognito mode or try to clear the cache.

The browser however acknowledges the certificate and it should be okay since it’s a self-signed certificate and is not recognized by any authorities.

Redirect HTTP to HTTPS

One last thing.

If we access our website through, it goes to the unsecured version.

It would be good to redirect us to the HTTPS version instead.

Let’s address this.

Open the xampp/apache/conf/extra/httpd-vhosts.conf file and add the RewriteEngine, RewriteCond and RewriteRule lines to the VirtualHost settings for Port 80.

In the end, it should look something like this:

Restart Apache from the XAMPP Control Panel, and then access your website through HTTP.

It should now redirect you to the HTTPS version.

That was it 🎉

Let me know what you think about this article in the comments section below.

If you find this article helpful, please share it with others and subscribe to the blog to support me, and receive a bi-monthly-ish e-mail notification on my latest articles.