How do I allow HTTPS for Apache on localhost?

apache ssl https localhost
KennC. picture KennC. · Nov 19, 2010 · Viewed 268.8k times · Source

I was asked to set up HTTPS with a self-signed cert on Apache on localhost, but how do I actually do that? I have no idea at all.

Answer

Simon East picture Simon East · Aug 25, 2011

I've just attempted this - I needed to test some development code on my localhost Apache on Windows. This was WAAAY more difficult than it should be. But here are the steps that managed to work after much hairpulling...

I found that my Apache install comes with openssl.exe which is helpful. If you don't have a copy, you'll need to download it. My copy was in Apache2\bin folder which is how I reference it below.

Steps:

  1. Ensure you have write permissions to your Apache conf folder
  2. Open a command prompt in Apache2\conf folder
  3. Type
    ..\bin\openssl req -config openssl.cnf -new -out blarg.csr -keyout blarg.pem

  4. You can leave all questions blank except:

    • PEM Passphrase: a temporary password such as "password"
    • Common Name: the hostname of your server

  5. When that completes, type
    ..\bin\openssl rsa -in blarg.pem -out blarg.key

  6. Generate your self-signed certificate by typing:
    ..\bin\openssl x509 -in blarg.csr -out blarg.cert -req -signkey blarg.key -days 365

  7. Open Apache's conf\httpd.conf file and ensure SSL module is enabled - there should be no hash at the start of this line:
    LoadModule ssl_module modules/mod_ssl.so

  8. Some Apache installations place the SSL config in a separate file. If so, ensure that the SSL conf file is being included. In my case I had to uncomment this line:
    Include conf/extra/httpd-ssl.conf

  9. In the SSL config httpd-ssl.conf I had to update the following lines:

    • Update
      SSLSessionCache "shmcb:C:\Program Files (x86)\Zend\Apache2/logs/ssl_scache(512000)"
      to
      SSLSessionCache "shmcb:C:/Progra\~2/Zend/Apache2/logs/ssl_scache(512000)"
      (The brackets in the path confuse the module, so we need to escape them)
    • DocumentRoot - set this to the folder for your web files
    • ServerName - the server's hostname
    • SSLCertificateFile "conf/blarg.cert"
    • SSLCertificateKeyFile "conf/blarg.key"

  10. Restart Apache.

  11. Try loading https://localhost/ in your browser.

Hopefully you made it this far. Feel free to update this post with any other helpful info.

(Screenshots courtesy of Neil Obremski and his helpful article - although now quite out-of-date.)

Related questions

How do you redirect HTTPS to HTTP?

How do you redirect HTTPS to HTTP?. That is, the opposite of what (seemingly) everyone teaches. I have a server on HTTPS for which I paid an SSL certification for and a mirror for which I haven't and keep around …

Read More
How can I force users to access my page over HTTPS instead of HTTP?

I've got just one page that I want to force to be accessed as an HTTPS page (PHP on Apache). How do I do this without making the whole directory require HTTPS? Or, if you submit a form to an …

Read More
How do I use https (SSL) in XAMPP while using virtual hosts

I am writing a php app on my local machine and would like to test to see if SSL is working. Bear with me because this is the first time I've ever used SSL. So far this is what I've …

Read More