Let’s say you have a website on you wamp server by name project. So there’s a directory project
in your C:\wamp\www directory. Also visiting http://localhost/project on the browser takes us to your project website. Now we want to set up a virtual host with self signed SSL certificate so that we can visit our website on https://project.localhost.com. Below are the steps to achieve this.
C:\OpenSSL-Win64
.C:\wamp\bin\apache\apache2.4.9\conf\openssl.cnf
to C:\Program Files\Common Files\SSL
(Create SSL folder if it doesn’t exists)cd C:\OpenSSL-Win64\bin
Type the below command
openssl genrsa -des3 -out server.key 1024
It will ask you for a password and then later ask you verify it by reentering.
openssl req -new -x509 -nodes -sha1 -days 365 -key server.key -out server.crt -config C:\wamp\bin\apache\apache2.4.9\conf\openssl.cnf
In case you are having any other version than 2.4.9 of apache then change it in above command (Check the C:\wamp\bin\apache directory)
openssl rsa -in server.key -out servernopass.key
Since WAMP doesn’t support passphrase for key we’ll remove it
C:\wamp\bin\apache\apache2.4.9\conf\httpd.conf
file in a text editor#LoadModule ssl_module modules/mod-ssl.so
So it should now look like
LoadModule ssl_module modules/mod-ssl.so
Similary remove ‘#’ from below lines in same file
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Include conf/extra/httpd_ssl.conf
Move the last line Include conf/extra/httpd_ssl.conf
after the below line
C:\wamp\bin\apache\apache2.4.9\bin\php.ini
in a text editorextension=php_openssl.dll
C:\wamp\bin\apache\apache2.4.9\conf\extra\httpd_ssl.conf
file. You can simply copy and paste it with a different name (httpd_ssl_original.conf) in the same folder. Now open the httpd_ssl.conf file, delete all the code inside it (we are assuming this is the first time you are setting up a SSL on your WAMP server) and paste the below code.
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-x509-ca-cert .pem
NameVirtualHost *:443
DocumentRoot "c:/wamp/www/project"
ServerName project.localhost.com:443
ServerAdmin xxx@xxx.com
AllowOverride All
Require local
SSLEngine on
SSLCertificateFile "c:/wamp/ssl-certs/server.crt"
SSLCertificateKeyFile "c:/wamp/ssl-certs/servernopass.key"
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
C:\wamp\bin\apache\apache2.4.9\conf\extra\httpd-vhosts.conf
file replace the code inside it with below one.
DocumentRoot "c:/wamp/www/"
ServerName localhost
ServerAlias localhost
#AllowOverride All
#Require local
#Allow from All
#Require local
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order Allow,Deny
Allow from all
Require local
DocumentRoot "c:/wamp/www/project"
ServerName project.localhost.com
ServerAlias project.localhost.com
AllowOverride All
Require local
Allow from All
Require local
That's it. Now in your browser visit https://project.localhost.com. You'll get a security warning which is because we are usign the self signed certificate. If you are using Chrome browser then click on the advanced link at the bottom and then Proceed unsafe. You'll now see the website over https.
Worked like a charm. Thanks!
Excellent tutorial and your instructions are on point. I am a self-taught cgi engineer and webmaster who specialized in Perl early on, in 1997. As such, my field of knowledge must include a vast array of disciplines. I work on all major platforms and recently took up WAMP on Windows 10 to test my work (love it). When writing applications for the Web I do a great deal of work with MOD_REWRITE to enable advanced security features and to protect the paths visible in the browser. Since OpenSSL began to appear, I began to force redirect all http traffic to the https port. Before I started to install OpenSSL on the WAMP server, I researched a number of instructions and none worked. That is until I found your excellent tutorial. I have a near photographic memory and need only read material once. After I read your tutorial, I was able to configure WAMP within 5 minutes and it worked on the first run. You are great “OH MIGHTY ONE” and I very much appreciate your sharing your knowledge and experience with the world. It is people like you who brought me to where I am today. Thank you.
Excellent tutorial and your instructions are on point. I am a self-taught cgi engineer and webmaster who specialized in Perl early on, in 1997. As such, my field of knowledge must include a vast array of disciplines. I work on all major platforms and recently took up WAMP on Windows 10 to test my work (love it). When writing applications for the Web I do a great deal of work with MOD_REWRITE to enable advanced security features and to protect the paths visible in the browser. Since OpenSSL began to appear, I began to force redirect all http traffic to the https port. Before I started to install OpenSSL on the WAMP server, I researched a number of instructions and none worked. That is until I found your excellent tutorial. I have a near photographic memory and need only read material once. After I read your tutorial, I was able to configure WAMP within 5 minutes and it worked on the first run. You are great “OH MIGHTY ONE” and I very much appreciate your sharing your knowledge and experience with the world. It is people like you who brought me to where I am today. Thank you.
In answer to Robert’s post: simply create your virtual host from the homepage in WAMP. Be sure to verify each virtual host you create is present in the Windows host file (C:/WINDOWS/system32/drivers/etc/hosts). Once this has been achieved, simply open httpd-ssl.conf and add the virtual host you wish to use with the certificate you created. You can add as many virtual hosts as you please. I also advise you add the following lines to your .htaccess file in the root of each domain you add:
Options +FollowSymlinks
RewriteEngine on
# Force HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Remove www from URL
RewriteCond %{HTTP_REFERER} !^https://www.YOURDOMAIN.com [NC]
RewriteCond %{HTTP_REFERER} !^https://YOURDOMAIN.com [NC]
hi.
i’ve i little problem: i need to have into my wamp local installation two virtual hosts (one for siteA, and another for siteB).
Basically i wish to have at the end something like https://siteA and https://siteB
so, do I have to repeat all the procedure for each site?
or there are other passages i have to do?
thanks in advance for your reply!
peter
This did not work. I got
“This site can’t be reached”
THE FIX: You must add it to your “hosts” file….
C:\Windows\System32\drivers\etc
edit the “hosts” file (the one with no extension) to include:
127.0.0.1 project.localhost.com
::1 project.localhost.com
THEN IT WILL WORK!
TIP: To edit the hosts file, click the windows start button, type “notepad” and then when you see the icon right-click and choose “Run as administrator” then from notepad navigate to C:\Windows\System32\drivers\etc and change “Text documents (*.txt)” to “All Files (*.*)” and then you can click on “hosts”
Include conf/extra/httpd-ssl.conf, NOT Include conf/extra/httpd_ssl.conf
Not working in my case, Apache is not starting + no error logs
Worked like a charm, thank you for this guide!
There was one slight issue:
Instead of Include conf/extra/httpd_ssl.conf
its Include conf/extra/httpd-ssl.conf
Hi, Robert! I just succeeded in adding a vhost w/ ssl support.
You basically repeat the process that worked for your localhost private-key, certificate-signing-request, and certificate, EXCEPT the files you create will have filenames that reflect your vhost (instead of localhost).
So, for each vhost that needs ssl, you’ll end up with separate .key, .csr, and .crt files unique to that particular vhost.
Then, you just add a block for the vhost into your httpd-ssl.conf. (I’m assuming you already have the unsecure block already created in your httpd-vhosts.conf.)
Hope this helps! 🙂
Thank you for the detailed description. I have been searching for a few days to find out if it is possible to generate one OpenSSL certificate to be used by WAMP that will cover all virtual hosts regardless of the virtual host names. I cannot find any statement saying such cannot be accomplished, but, I can’t find where it specifically says it can be done, and then how to do it.