Apache Friends Support Forum

[shadowgun1102]

My live website with a hosting company uses SSL, and I have tried setting up an SSL certificate on my local server.

When I try accessing https://localhost/site.test,or https://site.test I only get the error message "The certificate is not trusted because it is self-signed. Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT"

How can I get this to work?, has anybody set-up SSL on Xampp?

Thank!

[Nobbie]

That is a main problem of using "self signed" Certificates. Browser dont trust these anymore (that has been changed, a couple of years ago there was no problem).

You should get a Certificate from an "official" provider, the one and only one which delivers Certificates freely (no money) is "Lets encrypt". Try to get a Ceritificate from them, where i honestly dont know, if they deliver Certificates for "localhost". But you may of course go for a real domain name instead.

[gsmith]

I cannot remember a time when browsers ever "trusted" a self-signed certificate. Maybe in the '90s. I've been using Apache since '98 and SSL since 2004. I've always only used Mozilla browsers however (Netscape, Mozilla Suite, Seamonkey, Firefox).

You will not find a trusted Certificate Authority (CA) that will issue a cert for "localhost." It violates the baselines requirements for CA's and anyone that did would end up like Startcom or Symantic and have their certs untrusted.

Older versions of Firefox would let you add an exception to a self-sighed cert but the latest versions do not seem to allow it. So that leaves few options.

1. Create your own CA and sign your cert with it. This still is not trusted by browsers but an exception can be made for untrusted CA's. This does all the work for you supposedly, I have not tried it I admit.
https://blog.filippo.io/mkcert-valid-ht ... localhost/

2. Get a free subdomain from any number of free DNS providers, and if your ISP allows incoming port 80 requests (-: mine doesn't), you can get a Let's Encrypt cert for that subdomain.

[Nobbie]

I cannot remember a time when browsers ever "trusted" a self-signed certificate.

Yes, this happens more and more with advancing age.

Strictly speaking, "trust" is certainly not the right formulation, but one could very well use these certificates (keyword "makecrt.bat"). And in the end it's all about using the self-generated certificates at home. Unfortunately, this is becoming more and more difficult.

[danielwilliams]

Although it can be a little challenging, setting up SSL on XAMPP for local development is definitely feasible. The following is a step-by-step tutorial to assist you configure SSL in your XAMPP environment:

• Generate a Self-Signed Certificate
• Configure Apache to Use the SSL Certificate
• Configure SSL Settings
• Restart Apache
• Trust the Certificate
After completing these steps, your XAMPP environment should have SSL enabled, and you should be able to browse your local sites over HTTPS without experiencing SSL issues. Keep in mind that since it's a self-signed certificate, it won't be trusted by default, but you can manually trust it for local development purposes.