Page 1 of 1

Xampp and SSL

PostPosted: 20. May 2019 09:17
by shadowgun1102
My live website with a hosting company uses SSL, and I have tried setting up an SSL certificate on my local server.

When I try accessing https://localhost/site.test,or https://site.test I only get the error message "The certificate is not trusted because it is self-signed. Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT"

How can I get this to work?, has anybody set-up SSL on Xampp?

Thank!

Re: Xampp and SSL

PostPosted: 20. May 2019 19:35
by Nobbie
That is a main problem of using "self signed" Certificates. Browser dont trust these anymore (that has been changed, a couple of years ago there was no problem).

You should get a Certificate from an "official" provider, the one and only one which delivers Certificates freely (no money) is "Lets encrypt". Try to get a Ceritificate from them, where i honestly dont know, if they deliver Certificates for "localhost". But you may of course go for a real domain name instead.

Re: Xampp and SSL

PostPosted: 25. May 2019 17:35
by gsmith
I cannot remember a time when browsers ever "trusted" a self-signed certificate. Maybe in the '90s. I've been using Apache since '98 and SSL since 2004. I've always only used Mozilla browsers however (Netscape, Mozilla Suite, Seamonkey, Firefox).

You will not find a trusted Certificate Authority (CA) that will issue a cert for "localhost." It violates the baselines requirements for CA's and anyone that did would end up like Startcom or Symantic and have their certs untrusted.

Older versions of Firefox would let you add an exception to a self-sighed cert but the latest versions do not seem to allow it. So that leaves few options.

1. Create your own CA and sign your cert with it. This still is not trusted by browsers but an exception can be made for untrusted CA's. This does all the work for you supposedly, I have not tried it I admit.
https://blog.filippo.io/mkcert-valid-ht ... localhost/

2. Get a free subdomain from any number of free DNS providers, and if your ISP allows incoming port 80 requests (-: mine doesn't), you can get a Let's Encrypt cert for that subdomain.

Re: Xampp and SSL

PostPosted: 25. May 2019 18:18
by Nobbie
gsmith wrote:I cannot remember a time when browsers ever "trusted" a self-signed certificate.


Yes, this happens more and more with advancing age.

Strictly speaking, "trust" is certainly not the right formulation, but one could very well use these certificates (keyword "makecrt.bat"). And in the end it's all about using the self-generated certificates at home. Unfortunately, this is becoming more and more difficult.