With the importance of HTTPS for security and SEO (according to Google), you need a development environment that lets you run your site locally on https. Unfortunately, right out of the box, WampServer only includes a parts of what you need to get your local web server running over https://localhost.
In this article, we will go over the exact steps you can follow to get HTTPS / SSL working on your Wamp Server. These instructions assume that you are installing the 64-bit version of WampServer for Windows to your c: drive. If not, just replace c: with d:. You may also need to change the version number in some of the paths depending on when you downloaded Wamp Server.
How to use WAMP + SSL to open localhost over https:
- Download & install WampServer.
- Open a command prompt (WindowsKey + R > cmd > click OK) and enter the following commands.
cd c:\wamp64\bin\apache\apache2.4.27\bin
openssl genrsa -aes256 -out private.key 2048
openssl rsa -in private.key -out private.key
openssl req -new -x509 -nodes -sha1 -key private.key -out certificate.crt -days 36500 -config c:\wamp64\bin\apache\apache2.4.27\conf\openssl.cnf
Note: You can pretty much answer the questions any way you want though real answers are best. The one question that really matters here is the FQDN. It should be: localhost. - Move the private.key and certificate.crt files from c:\wamp64\bin\apache\apache2.4.27\bin to the c:\wamp64\bin\apache\apache2.4.27\conf\key\ folder. If the key folder doesn't already exist, create it.
- Using a text editor like Notepad, open c:\wamp64\bin\apache\apache2.4.27\conf\httpd.conf and un-comment following 3 lines:
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so - Using a text editor like Notepad, open c:\wamp64\bin\apache\apache2.4.27\conf\extra\httpd-ssl.conf and apply the following changes:
Below the line: <VirtualHost _default_:443>, check the following parameters to ensure they are configured correctly and not commented.
-------------------------------------
DocumentRoot "c:/wamp64/www"
ServerName localhost:443
ServerAdmin admin@example.com
SSLSessionCache "shmcb:c:/wamp64/bin/apache/apache2.4.27/logs/ssl_scache(512000)"
ErrorLog "c:/wamp64/bin/apache/apache2.4.27/logs/error.log"
TransferLog "c:/wamp64/bin/apache/apache2.4.27/logs/access.log"
SSLCertificateFile "c:/wamp64/bin/apache/apache2.4.27/conf/key/certificate.crt"
SSLCertificateKeyFile "c:/wamp64/bin/apache/apache2.4.27/conf/key/private.key"
------------------------------------- - Save the file and close it.
- You are done. To check the validity of file, at the command prompt, enter:
c:\wamp64\bin\apache\apache2.4.27\bin\httpd -t
and then use your web browse to go to https://localhost/
From this point on, you should be able to start, stop and restart Wamp Server and SSL-HTTPS will continue to work.
Enjoy!
Michael Milette
March 18, 2018 at 8:19 AM
Excellent and very Clear. Thank you
Howeverchecking the validity of the file, I get:
AH00526: Syntax error on line 127 of C:/wamp64/bin/apache/apache2.4.27/conf/extra/httpd-ssl.conf:
SSLSessionCache cannot occur within section
March 19, 2018 at 2:42 PM
Hi, thanks for this, I found it very helpful.
However there is a step which you missed, you need to copy the private.key file and the certificate.crt files from the folder where they are created (c:\wamp64\bin\apache\apache2.4.27\bin) to the folder c:\wamp64\bin\apache\apache2.4.27\conf
Once I figured that out, it all worked
March 19, 2018 at 3:51 PM
Thanks for this post. I know it is not in its finished form but I have used it to (nearly?) implement SSL on my Wampserver. This is my experience, in case it is of use.
Because openssl did not seem to work on my old version, I have upgraded my Wampserver to v 3.1.1 64 bit. It took a while but it works fine now, and I am now on Apache 2.4.27. I was then able to follow your instructions to the letter.
On checking the validity using httpd -t I found the following errors and corrected them:
– SSLSessionCache line caused error “cannot occur within virtualhost section” – I moved it to replace existing SSLSessionCache line outside the virtualhost section
– SSLCertificateFile and SSLCertificateKeyFile were pointing to the wrong folders, as the files are in bin not conf (they also needed their old values commenting out, which I had missed)
– I also had to comment out CustomLog, as it pointed to an invalid folder
I then had an Apache error: 1066, and the error log said SSLPassPhraseDialog builtin is not supported on Win32. The solution I used (from https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO11242) was to remove the encryption and comment out SSLPassPhraseDialog. (Maybe I should originally have used a blank Passphrase?)
The situation now is that localhost works fine with my WordPress site, but https://localhost gives me a meesage that the certificate is not trusted. I switched to a simple one page index.html file for testing, so there are no complications from my site itself.
In Firefox I managed to get the certicate trusted by clicking on the option it presented. Using Chrome settings I was able to install the certificate in the Trusted Root Certification Authorities Store. This meant that Edge treats it as trusted, but Chrome still does not (I am currently on version 65). Opera allows me in but marks it as not trusted.
I then switched back to my WordPress index.php and in Chrome got the error “This server could not prove that it is localhost; its security certificate does not specify Subject Alternative Names.” It seems the issue is recognised – eg at https://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificate/43666288 and I used the solution there (editing the certificate). But it still did not help.
I needed to use openssl to include Subject Alternative Names, using https://www.endpoint.com/blog/2014/10/30/openssl-csr-with-alternative-names-one as a basis, I added the following to the end of openssl.cnf and regenerated the certificate.
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = localhost
DNS.2 = http://www.localhost
I don’t know if I did it right, but the situation is no better, in that the browsers mark the site as insecure, but as my Wamp is a development system I think it is just about good enough for me to start preparing the main site for SSL, but I would still like to get https working properly.
Thanks again.
March 20, 2018 at 12:11 AM
To solve the SubjectAltNames issue on my wamp, I used https://community.nethserver.org/t/subjectaltname-for-certificates/6786/4 to edit C:\wamp64\bin\apache\apache2.4.27\conf\openssl.cnf
Under [ Req ] section
uncommented: req_extensions = v3_req
Under [ v3_req ] section
Added: extendedKeyUsage = serverAuth
Added: subjectAltName = @alt_names
Under [ v3_ca ] section
Added: subjectAltName = @alt_names
Added new section [ alt_names ] at the bottom of the file
[ alt_names ]
DNS.1 = localhost
DNS.2 = http://www.localhost
Then reloaded the new certificate into the Trusted Root Certification Authorities Store (using Chrome Settings/Advanced/Manage certificates. The Chrome Developer tools Security tab helped confirm any issues.
With my simple single html page https is now OK. When I switched back to my WordPress site, I had one issue but it is now working OK in https. I am now looking forward to using Really Simple SSL, and clearing all the mixed content.
A hint for WordPress Users: If you are logged in and reload using https you get “This has been disabled”, as you need to log in again. What I did was log out using my old http, then reload using https, which then enabled me to log in.
You will realise that I do not really know what I am doing, and just use bits of help where I can find it on the web. Thanks for your help.
April 2, 2018 at 12:20 AM
It keeps telling me that the certificate.crt file does not exist. Aren’t we making it during the 2nd set of instructions? If not, what am I doing wrong?
Thanks!
April 2, 2018 at 8:13 AM
The certificate.crt file does exist, but the command keeps telling me it doesn’t. It also has content in the file, so I’m unsure what is going on?
April 2, 2018 at 8:19 AM
I figured out my problem. The certificate.crt file has to be in the same location as the private.key.
I think command four should read: SSLCertificateFile “c:/wamp64/bin/apache/apache2.4.27/bin/certificate.crt”
SSLCertificateKeyFile “c:/wamp64/bin/apache/apache2.4.27/bin/private.key”
instead of in the conf folder.
Thanks for the awesome tutorial!
April 8, 2018 at 8:51 AM
Hi Ioannis,
Thank you for the suggestion. You were right of course. The physical location of the files and the recommended configuration settings did not line up.
I’ve updated the article to correct the paths. I now recommend that you put the files in a folder called ..\conf\key\ just to keep things tidy and also modified the configuration instructions to reflect this change. With that said, you can certainly leave it as you configured it and it will continue to work correctly. Thank you for taking the time to share your solution.
With gratitude,
Michael
November 2, 2018 at 5:44 AM
Hi Michael. Please consider this answer and update your topic: https://stackoverflow.com/a/52821468
May 8, 2018 at 8:18 AM
I would recommend you to use Let’s Encrypt for applying SSL on PHP websites. Let’s encrypt is available for free and it will remain free. It is easy to install and configure with your website.
May 19, 2018 at 4:38 PM
Thanks for your comment Oliver. Let’s Encrypt/Certbot is indeed a great tool that I often recommend. However it doesn’t work with https://localhost as far as I know – which is what the article is about.
May 19, 2018 at 5:37 AM
Got lost on step 3. Move private.key and certificate from where?
May 19, 2018 at 4:40 PM
Hi Valentin, thank you for your comment. I thought it would have been obvious that the file would be in the directory where you created it however I have taken your feedback into consideration and updated step 3. Best regards, Michael 🙂
May 29, 2018 at 5:04 PM
I made all my website ready for ssl. Now, when i included all the websites in the httpd-ssl.conf file the websites all do point to my first website.
What is the problem ?
July 17, 2018 at 4:46 PM
The problem will likely be how you configured the httpd-ssl.conf file. Refer to Apache documentation for more information.
June 1, 2018 at 11:08 AM
everything is installed well in my wamp but when i open https://localhost it shows red https how can i convert it into green
July 17, 2018 at 4:43 PM
In Chrome, try going to chrome://flags/#allow-insecure-localhost and see if enabling this option helps. You may need to restart your web browser. Other browsers will have different instructions.
June 14, 2018 at 3:01 AM
I am getting the “Your connection is not secure” screen for https://localhost/. Is there any way to bypass this?
July 17, 2018 at 4:08 PM
There is a way to tell the browser to let you through without the message however it has to be done in your web browser’s settings. Instructions are browser specific.
TIP: Avoid using the .dev top level domain (like locahost.dev).
June 28, 2018 at 6:55 AM
Thanks! Worked like a charm (few errors, but nothing that couldn’t be fixed with actual reading :D)
July 11, 2018 at 2:03 AM
Thanks for the directive, after stumbling on so many failed sites, you saved my day.
July 20, 2018 at 3:48 AM
Hello Michael,
I followed your instructions with adjusted paths, but I get an error when checking validity of file (last point):
AH00526: Syntax error on line 87 of C:/wampserver/bin/apache/apache2.4.9/conf/ex
tra/httpd-ssl.conf:
SSLSessionCache takes one argument, SSL Session Cache storage (‘none’, ‘nonenotn
ull’, ‘dbm:/path/to/file’)
Line 87 is:
SSLSessionCache “shmcb:c:/wampserver/bin/apache/apache2.4.9/logs/ssl_scache(512000)”
What did I do wrong? There is no file “ssl_scache(512000)” in that directory.
Thank you,
Stefan
August 26, 2018 at 3:06 AM
I am trying to follow the instructions as above but get the message below after my first open ssl cmd ( i am new to all of this – please help
“C:\wamp64\bin\apache\apache2.4.23\bin>openssl genrsa -aes256 -out private.key 20
48
WARNING: can’t open config file: c:/usr/local/ssl/openssl.cnf
Generating RSA private key, 2048 bit long modulus
………………………….+++
….+++
unable to write ‘random state’
e is 65537 (0x10001)
Enter pass phrase for private.key:”
August 28, 2018 at 12:47 PM
Since Wampserver 3.1.0 which includes Apache 2.4.27 (And for all subsequent Apache addons), an Apache “variable” is used to define the installation path.
You can therefore replace, in all Apache conf files, your installation path with this Apache variable.
So,
DocumentRoot “c:/wamp64/www”
can be replaced by
DocumentRoot “${INSTALL_DIR}/www”
The same applies to all other lines in Apache conf files that contain the Wampserver installation path.
This is the first time I have seen such a detailed and simple SSL/https implementation procedure for Wampserver.
Moreover, as this procedure seems to be followed and updated, I’d like to put its link in the Wampserver tools in a next update.
August 31, 2018 at 8:51 AM
Fantastic, thank you very much! I just had some issues to see that the commandlines are multiple rows. This is the first tutorial which worked for me.
Also had to add -rand to the privat.key:
$ cd c:\wamp64\bin\apache\apache2.4.27\bin
$ openssl genrsa -rand -aes256 -out private.key 2048
$ openssl rsa -in private.key -out private.key
$ openssl req -new -x509 -nodes -sha1 -key private.key -out certificate.crt -days 36500 -config c:\wamp64\bin\apache\apache2.4.27\conf\openssl.cnf
Also nice tipp: Chrome Settings >> Advanced >> SSL Certs >> And here add the new cert to remove this annoying “This site is not save” warning.
September 1, 2018 at 3:20 AM
Thanks for your article!
Because it wasn’t working with this configs…
if somebody is in this situation, thanks to the command “httpd –t”, I could notice it:
I hadn’t any “ssl” directory in G:/wamp/bin/apache/apache2.4.23/logs/. It has to be created (or avoid in your paths).
C:/ or G:/ has to always be in uppercase letter (Apache will not find the path with c:/…)
When you create the certificate, you can pretty much answer the questions any way you want (though real answers are best)… but the one question that really matters is the FQDN : it should be localhost.
Bye!
October 15, 2018 at 1:07 PM
Please update your article, as it have inaccuracies, per https://stackoverflow.com/a/52821468/2377343
November 1, 2018 at 1:48 PM
certificate invalid
any idea?
December 4, 2018 at 9:38 AM
hello,
the Wamp server stops working (2 out of 3 services working) after I include the conf/extra/httpd-ssl.conf
however I got the result syntax ok in the end but I am not able to start my https request
is there any solution for this error.
December 16, 2018 at 1:10 PM
Michael, can you please review this suggestion?
https://stackoverflow.com/a/52821468/2377343
February 9, 2019 at 2:59 PM
Thanks for the recommendation Tamaz!
January 28, 2019 at 1:40 PM
Could you help me, please?
I’m getting error:
Your connection is not secure
The owner of localhost has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
localhost uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is only valid for . Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
February 9, 2019 at 10:35 AM
Hi Diego,
This is normal. You can’t have a signed certificate for a local site so you have to use a self-signed certificate. Just tell your web browser to accept it and your site will run on https. You may also be able to tell your web browser to always accept this local certificate so it doesn’t bother you again. This should only be used for development.
If you are running your website on an Intranet, there is little point in running your site on https – just use http. Alternatively, if you really have a valid reason for running your site over https on an Intranet, you will need to use your workstation management system to apply the change to all workstations.
Hope this helps.
Best regards,
Michael
April 30, 2019 at 2:27 PM
Thanks for the guide. It worked perfectly.
May 13, 2019 at 1:53 PM
For those of you who are getting a ‘403 forbidden, you don’t have permission’ error, it might be because you have not configured your directory access permissions correctly in ‘httpd-ssl.conf’. You need to add the following in httpd-ssl.conf:
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
#Require local
Require all granted
#Require all denied
You can replace ‘${INSTALL_DIR}/www’ with whatever path you wish to grant access to. Essentially, you can also just copy the corresponding code snippet from ‘httpd-vhosts.conf’ so it behaves the same way as it did before SSL was enabled.
I hope this helps anyone having the same problem I had.
Good luck!
Marvin
May 13, 2019 at 1:56 PM
Comment edit – You need to add the following in ‘httpd-ssl.conf’:
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
#Require local
Require all granted
#Require all denied
May 13, 2019 at 1:58 PM
Comment edit – You need to add the following in ‘httpd-ssl.conf’:
(less than sign)Directory “${INSTALL_DIR}/www/quick_job/dev/”(greater than sign)
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
#Require local
Require all granted
#Require all denied
(less than sign)/Directory(greater than sign)
June 24, 2020 at 5:23 PM
Getting a 404 error on all local sites with SSL. Directions worked fine (thank you), but when testing anything other than “https://localhost” comes up 404. I can access phpmyadmin in ssl, just no sites. Any ideas?
July 8, 2020 at 5:15 AM
For anyone who is having trouble configuring SSL with WampServer check out https://github.com/custom-dev-tools/WampServer-SSL-Auto-Config
This batch script (with a simple to edit sample-config.ini file example) should make setup a breeze whilst also:
1. Adding extra seperation between WampServer and your projects directories (noting ability for multiple domain setup).
2. Adding self signed certificates to your windows certificate store (eliminating the need to accept exceptions / untrusted certificates) every time.
3. Allowing URL friendly domain names (by updating your windows hosts file when run under administrator privileges).
December 29, 2020 at 5:36 AM
Thanks for sharing!
August 20, 2020 at 12:42 PM
Wonderful, Simply Superb. Very well and clearly explained. I could configure in first instance following your steps.
January 18, 2021 at 2:50 PM
Doesn’t work hangs on:
Generating RSA private key, 2048 bit long modulus (2 primes)
……………………………………………………………….+++++
…………………………………..+++++
March 22, 2021 at 5:52 PM
Hello Michael,
Thank you for your efforts. It is most helpful in doing a project that is both complicated and easy to mess up.
I tried starting WampServer, but it failed to start correctly, starting only 2 of the 3 services. I searched my work and discovered aproblem with step 5. In httpd-ssl.conf SSLCertificateFile and SSLCertificateKeyFile (Lines 130 and 131) also appear in lines 147 and 157. The two entries were different. Changing them to conform fixed the problem.
However, I was unable to test the install in the final step, Entering c:\wamp64\bin\apache\apache2.4.27\bin\httpd -t in the command line failed – not recognized as a command, program or batch file. Testing it manually seemed to work. What is that command line code supposed to do?