
V3_EXT is a list of all the virtual hosts that you are using. This script assumes that your XAMPP has been installed in C:\xampp; you may need to change this otherwise. Some notes and explanations of the above script:

    Set V3_EXT=subjectAltName=DNS:localhost,DNS:127.0.0.1,DNS:local.website1,DNS:local.website2
    bin\openssl req -subj "/C=AU/ST=NSW/L=Sydney/O=Janette Towell/OU= /CN=%DOMAIN%" -x509 -addext %V3_EXT% -nodes -days 365 -newkey rsa:2048 -keyout %HOME%\ssl.key\%DOMAIN%-selfsigned.key -out %HOME%\ssl.crt\%DOMAIN%-selfsigned.crt

    If not exist %HOME%\ssl.key mkdir %HOME%\ssl.key
    If not exist %HOME%\ssl.crt mkdir %HOME%\ssl.crt

In C:\xampp\apache create a file; I decided to call it makecert_bulk.bat given that is what it is going to do.
Given that I now need to create more than one self-signed certificate and that I will be repeating this process each year, I decided it was easiest to create a bat file that I can just update and run each year.

    LoadModule rewrite_module modules/mod_rewrite.so

Make sure that the rewrite_module is uncommented (i.e. no semicolon at the start of the line).

I.e. remove the semicolon (;) in front of the line. If you have previously set up self-signed SSL certificates you will have already done this.

For the SSL we are going to use openssl, so we need to make sure that the openssl line is not commented out.

The 8 Step Process

For completeness I have included this step, which I mentioned in my previous post.

This then meant that I needed self-signed SSL certificates for not just localhost but also for local.website1 etc.

Further to my previous post I also realised that these certificates are set up with a 365 day expiry (i.e. -days 365), so I need to repeat this process each year (or set a longer expiry).

I now also have some sites set up using virtual hosts so I access them using eg.

In my previous post I mentioned that I run a lot of WordPress instances using localhost to access them eg

Setting up virtual hosts is another topic altogether that I will cover in another post.
This post is an expansion of the original, covering how to set up self-signed SSL certificates for virtual hosts also. I therefore needed to tackle the issue of also setting up SSL for my virtual hosts. Well, a lot has changed in a year, and it has now become necessary for me to sometimes use virtual hosts. I also mentioned at the time that I wasn't using any virtual hosts.

PS: I assume XAMPP (which I don't use myself) gives you openssl commandline.

Last year I wrote a post about Setting up a self-signed SSL certificate for localhost when using XAMPP on Windows; in it I outlined the steps I used to set up SSL for my localhost.

With recent OpenSSL (1.0.0+) you can decrypt with one of

    openssl pkey -in oldkey -out newkey # no -passout, optional -passin
    openssl rsa -in oldkey -out newkey # ditto, only if key is RSA.
    # however without greater knowledge you are unlikely to have
    # successfully generated a key and obtained a cert for non-RSA
    # oldkey can be the blablabla.crt that contains _both_ cert and key
    # OpenSSL will select the correct-type block from a PEM-format file.

For OpenSSL 0.9.x instead of pkey use

    openssl pkcs8 -topk8 -nocrypt -in oldkey -out newkey

However, Apache (via OpenSSL) does not support p7b format for certificate chains, although 2.4.8+ should support chain certs in SSLCertificateFile without separate SSLCertificateChainFile. First do

    openssl pkcs7 -print_certs -in YOUR_CHAIN_FILE.p7b -out chain.pem

(YOUR_CHAIN_FILE.p7b is a placeholder for the p7b file you were given.) Then either use that new file as SSLCertificateChainFile or append it to the file you are using as SSLCertificateFile, namely blablabla.crt.


Apparently blablabla.crt contains the privatekey (which is permitted though not recommended) and the key is encrypted and thus requires a password (which apparently doesn't work on Windows see for example )

Extract the privatekey and decrypt it (unless you already have it e.g. from the CSR generation step) and put the decrypted version back in the file, or remove it from that file and put/leave the decrypted version in a separate file (named something meaningful like blablabla.key) and specify it in SSLCertificateKeyFile.

In either case for security make sure the ACL on the file containing the decrypted key is as restrictive as possible.
