How to add SSL / HTTPS to WampServer

With the importance of HTTPS for security and SEO (according to Google), you need a development environment that lets you run your site locally on https. Unfortunately, right out of the box, WampServer only includes a parts of what you need to get your local web server running over https://localhost.

In this article, we will go over the exact steps you can follow to get HTTPS / SSL working on your Wamp Server. These instructions assume that you are installing the 64-bit version of WampServer for Windows to your c: drive. If not, just replace c: with d:. You may also need to change the version number in some of the paths depending on when you downloaded Wamp Server.

How to use WAMP + SSL to open localhost over https:

  1. Download & install WampServer.
  2. Open a command prompt (WindowsKey + R > cmd > click OK) and enter the following commands.
    cd c:\wamp64\bin\apache\apache2.4.27\bin
    openssl genrsa -aes256 -out private.key 2048
    openssl rsa -in private.key -out private.key
    openssl req -new -x509 -nodes -sha1 -key private.key -out certificate.crt -days 36500 -config c:\wamp64\bin\apache\apache2.4.27\conf\openssl.cnf
    Note: You can pretty much answer the questions any way you want though real answers are best. The one question that really matters here is the FQDN. It should be: localhost.
  3. Move the private.key and certificate.crt files from c:\wamp64\bin\apache\apache2.4.27\bin to the c:\wamp64\bin\apache\apache2.4.27\conf\key\ folder. If the key folder doesn't already exist, create it.
  4. Using a text editor like Notepad, open c:\wamp64\bin\apache\apache2.4.27\conf\httpd.conf and un-comment following 3 lines:
    LoadModule ssl_module modules/mod_ssl.so
    Include conf/extra/httpd-ssl.conf
    LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
  5. Using a text editor like Notepad, open c:\wamp64\bin\apache\apache2.4.27\conf\extra\httpd-ssl.conf and apply the following changes:
    Below the line: <VirtualHost _default_:443>, check the following parameters to ensure they are configured correctly and not commented.
    -------------------------------------
    DocumentRoot "c:/wamp64/www"
    ServerName localhost:443
    ServerAdmin admin@example.com
    SSLSessionCache "shmcb:c:/wamp64/bin/apache/apache2.4.27/logs/ssl_scache(512000)"

    ErrorLog "c:/wamp64/bin/apache/apache2.4.27/logs/error.log"
    TransferLog "c:/wamp64/bin/apache/apache2.4.27/logs/access.log"
    SSLCertificateFile "c:/wamp64/bin/apache/apache2.4.27/conf/key/certificate.crt"
    SSLCertificateKeyFile "c:/wamp64/bin/apache/apache2.4.27/conf/key/private.key"
    -------------------------------------
  6. Save the file and close it.
  7. You are done. To check the validity of file, at the command prompt, enter:
    c:\wamp64\bin\apache\apache2.4.27\bin\httpd -t
    and then use your web browse to go to https://localhost/

From this point on, you should be able to start, stop and restart Wamp Server and SSL-HTTPS will continue to work.

Enjoy!

Michael Milette


Comments

How to add SSL / HTTPS to WampServer — 12 Comments

  1. Excellent and very Clear. Thank you
    Howeverchecking the validity of the file, I get:

    AH00526: Syntax error on line 127 of C:/wamp64/bin/apache/apache2.4.27/conf/extra/httpd-ssl.conf:
    SSLSessionCache cannot occur within section

  2. Hi, thanks for this, I found it very helpful.

    However there is a step which you missed, you need to copy the private.key file and the certificate.crt files from the folder where they are created (c:\wamp64\bin\apache\apache2.4.27\bin) to the folder c:\wamp64\bin\apache\apache2.4.27\conf

    Once I figured that out, it all worked

  3. Thanks for this post. I know it is not in its finished form but I have used it to (nearly?) implement SSL on my Wampserver. This is my experience, in case it is of use.

    Because openssl did not seem to work on my old version, I have upgraded my Wampserver to v 3.1.1 64 bit. It took a while but it works fine now, and I am now on Apache 2.4.27. I was then able to follow your instructions to the letter.

    On checking the validity using httpd -t I found the following errors and corrected them:
    – SSLSessionCache line caused error “cannot occur within virtualhost section” – I moved it to replace existing SSLSessionCache line outside the virtualhost section
    – SSLCertificateFile and SSLCertificateKeyFile were pointing to the wrong folders, as the files are in bin not conf (they also needed their old values commenting out, which I had missed)
    – I also had to comment out CustomLog, as it pointed to an invalid folder

    I then had an Apache error: 1066, and the error log said SSLPassPhraseDialog builtin is not supported on Win32. The solution I used (from https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO11242) was to remove the encryption and comment out SSLPassPhraseDialog. (Maybe I should originally have used a blank Passphrase?)

    The situation now is that localhost works fine with my WordPress site, but https://localhost gives me a meesage that the certificate is not trusted. I switched to a simple one page index.html file for testing, so there are no complications from my site itself.

    In Firefox I managed to get the certicate trusted by clicking on the option it presented. Using Chrome settings I was able to install the certificate in the Trusted Root Certification Authorities Store. This meant that Edge treats it as trusted, but Chrome still does not (I am currently on version 65). Opera allows me in but marks it as not trusted.

    I then switched back to my WordPress index.php and in Chrome got the error “This server could not prove that it is localhost; its security certificate does not specify Subject Alternative Names.” It seems the issue is recognised – eg at https://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificate/43666288 and I used the solution there (editing the certificate). But it still did not help.

    I needed to use openssl to include Subject Alternative Names, using https://www.endpoint.com/blog/2014/10/30/openssl-csr-with-alternative-names-one as a basis, I added the following to the end of openssl.cnf and regenerated the certificate.

    [ req_ext ]
    subjectAltName = @alt_names
    [ alt_names ]
    DNS.1 = localhost
    DNS.2 = http://www.localhost

    I don’t know if I did it right, but the situation is no better, in that the browsers mark the site as insecure, but as my Wamp is a development system I think it is just about good enough for me to start preparing the main site for SSL, but I would still like to get https working properly.

    Thanks again.

  4. To solve the SubjectAltNames issue on my wamp, I used https://community.nethserver.org/t/subjectaltname-for-certificates/6786/4 to edit C:\wamp64\bin\apache\apache2.4.27\conf\openssl.cnf

    Under [ Req ] section
    uncommented: req_extensions = v3_req

    Under [ v3_req ] section
    Added: extendedKeyUsage = serverAuth
    Added: subjectAltName = @alt_names

    Under [ v3_ca ] section
    Added: subjectAltName = @alt_names

    Added new section [ alt_names ] at the bottom of the file
    [ alt_names ]
    DNS.1 = localhost
    DNS.2 = http://www.localhost

    Then reloaded the new certificate into the Trusted Root Certification Authorities Store (using Chrome Settings/Advanced/Manage certificates. The Chrome Developer tools Security tab helped confirm any issues.

    With my simple single html page https is now OK. When I switched back to my WordPress site, I had one issue but it is now working OK in https. I am now looking forward to using Really Simple SSL, and clearing all the mixed content.

    A hint for WordPress Users: If you are logged in and reload using https you get “This has been disabled”, as you need to log in again. What I did was log out using my old http, then reload using https, which then enabled me to log in.

    You will realise that I do not really know what I am doing, and just use bits of help where I can find it on the web. Thanks for your help.

      • I figured out my problem. The certificate.crt file has to be in the same location as the private.key.

        I think command four should read: SSLCertificateFile “c:/wamp64/bin/apache/apache2.4.27/bin/certificate.crt”
        SSLCertificateKeyFile “c:/wamp64/bin/apache/apache2.4.27/bin/private.key”

        instead of in the conf folder.

        Thanks for the awesome tutorial!

    • Hi Ioannis,

      Thank you for the suggestion. You were right of course. The physical location of the files and the recommended configuration settings did not line up.

      I’ve updated the article to correct the paths. I now recommend that you put the files in a folder called ..\conf\key\ just to keep things tidy and also modified the configuration instructions to reflect this change. With that said, you can certainly leave it as you configured it and it will continue to work correctly. Thank you for taking the time to share your solution.

      With gratitude,

      Michael

  5. I would recommend you to use Let’s Encrypt for applying SSL on PHP websites. Let’s encrypt is available for free and it will remain free. It is easy to install and configure with your website.

    • Thanks for your comment Oliver. Let’s Encrypt/Certbot is indeed a great tool that I often recommend. However it doesn’t work with https://localhost as far as I know – which is what the article is about.

    • Hi Valentin, thank you for your comment. I thought it would have been obvious that the file would be in the directory where you created it however I have taken your feedback into consideration and updated step 3. Best regards, Michael 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *