Xampp and SSL

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Xampp and SSL

Postby shadowgun1102 » 20. May 2019 09:17

My live website with a hosting company uses SSL, and I have tried setting up an SSL certificate on my local server.

When I try accessing https://localhost/site.test,or https://site.test I only get the error message "The certificate is not trusted because it is self-signed. Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT"

How can I get this to work?, has anybody set-up SSL on Xampp?

Thank!
shadowgun1102
 
Posts: 1
Joined: 20. May 2019 09:13
XAMPP version: 3.2.1
Operating System: Win 10 pro

Re: Xampp and SSL

Postby Nobbie » 20. May 2019 19:35

That is a main problem of using "self signed" Certificates. Browser dont trust these anymore (that has been changed, a couple of years ago there was no problem).

You should get a Certificate from an "official" provider, the one and only one which delivers Certificates freely (no money) is "Lets encrypt". Try to get a Ceritificate from them, where i honestly dont know, if they deliver Certificates for "localhost". But you may of course go for a real domain name instead.
Nobbie
 
Posts: 10941
Joined: 09. March 2008 13:04

Re: Xampp and SSL

Postby gsmith » 25. May 2019 17:35

I cannot remember a time when browsers ever "trusted" a self-signed certificate. Maybe in the '90s. I've been using Apache since '98 and SSL since 2004. I've always only used Mozilla browsers however (Netscape, Mozilla Suite, Seamonkey, Firefox).

You will not find a trusted Certificate Authority (CA) that will issue a cert for "localhost." It violates the baselines requirements for CA's and anyone that did would end up like Startcom or Symantic and have their certs untrusted.

Older versions of Firefox would let you add an exception to a self-sighed cert but the latest versions do not seem to allow it. So that leaves few options.

1. Create your own CA and sign your cert with it. This still is not trusted by browsers but an exception can be made for untrusted CA's. This does all the work for you supposedly, I have not tried it I admit.
https://blog.filippo.io/mkcert-valid-ht ... localhost/

2. Get a free subdomain from any number of free DNS providers, and if your ISP allows incoming port 80 requests (-: mine doesn't), you can get a Let's Encrypt cert for that subdomain.
gsmith
 
Posts: 244
Joined: 29. November 2013 18:04
Location: San Diego
XAMPP version: 0.0.0
Operating System: Win 7-10/VC 6,9,11,14,15

Re: Xampp and SSL

Postby Nobbie » 25. May 2019 18:18

gsmith wrote:I cannot remember a time when browsers ever "trusted" a self-signed certificate.


Yes, this happens more and more with advancing age.

Strictly speaking, "trust" is certainly not the right formulation, but one could very well use these certificates (keyword "makecrt.bat"). And in the end it's all about using the self-generated certificates at home. Unfortunately, this is becoming more and more difficult.
Nobbie
 
Posts: 10941
Joined: 09. March 2008 13:04


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 52 guests