Enable virtual hosts with self signed SSL on WAMP

Let’s say you have a website on you wamp server by name project. So there’s a directory project in your C:\wamp\www directory. Also visiting http://localhost/project on the browser takes us to your project website. Now we want to set up a virtual host with self signed SSL certificate so that we can visit our website on https://project.localhost.com. Below are the steps to achieve this.

Install OpenSSL

  • Install OpenSSL exe found at http://slproweb.com/products/Win32OpenSSL.html
    While installation the setup will ask you to select a directory for installation. Note the path.
    Let’s say you installed it in C:\ drive. So after installation you’ll have a directory like C:\OpenSSL-Win64.
  • Copy C:\wamp\bin\apache\apache2.4.9\conf\openssl.cnf to C:\Program Files\Common Files\SSL (Create SSL folder if it doesn’t exists)

Generate key and certificate

  • Open command prompt and cd to bin folder in above directory
    cd C:\OpenSSL-Win64\bin

    Type the below command

    openssl genrsa -des3 -out server.key 1024

    It will ask you for a password and then later ask you verify it by reentering.

  • Then type below command
    openssl req -new -x509 -nodes -sha1 -days 365 -key server.key -out server.crt -config C:\wamp\bin\apache\apache2.4.9\conf\openssl.cnf

    In case you are having any other version than 2.4.9 of apache then change it in above command (Check the C:\wamp\bin\apache directory)

  • After above command you’ll be asked few questions. Just make sure you enter your domain name (eg abc.localhost.com) when asked for Common Name (e.g. server FQDN or YOUR name).
  • After entering details run the below command
    openssl rsa -in server.key -out servernopass.key

    Since WAMP doesn’t support passphrase for key we’ll remove it

  • Now three files server.crt, server.key and servernopass.key should have been generated in bin folder. Copy the server.crt and servernopass.key.
    Create a new folder ‘ssl-certs’ in C:\wamp and paste the server.crt and servernopass.key files in this directory.

Update conf files to create new virtual host and include certificates

  • Open C:\wamp\bin\apache\apache2.4.9\conf\httpd.conf file in a text editor
    Remove the comment ‘#’ from the line

    #LoadModule ssl_module modules/mod-ssl.so

    So it should now look like

    LoadModule ssl_module modules/mod-ssl.so

    Similary remove ‘#’ from below lines in same file

    LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
    Include conf/extra/httpd_ssl.conf

    Move the last line Include conf/extra/httpd_ssl.conf after the below line

  • Open C:\wamp\bin\apache\apache2.4.9\bin\php.ini in a text editor
    Make sure the following line is uncommented by removing the semicolon (;) from the beginning.

    extension=php_openssl.dll
  • Now take a backup of C:\wamp\bin\apache\apache2.4.9\conf\extra\httpd_ssl.conf file. You can simply copy and paste it with a different name (httpd_ssl_original.conf) in the same folder. Now open the httpd_ssl.conf file, delete all the code inside it (we are assuming this is the first time you are setting up a SSL on your WAMP server) and paste the below code.

    
    Listen 443  
    
    AddType application/x-x509-ca-cert .crt
    AddType application/x-x509-ca-cert .pem
    
    NameVirtualHost *:443
    
    
        DocumentRoot "c:/wamp/www/project"
        ServerName project.localhost.com:443
        ServerAdmin xxx@xxx.com
        
         
              AllowOverride All
              Require local
           
              
    
        SSLEngine on
    
        SSLCertificateFile "c:/wamp/ssl-certs/server.crt"
        SSLCertificateKeyFile "c:/wamp/ssl-certs/servernopass.key"
    
        
            SSLOptions +StdEnvVars
        
        
            SSLOptions +StdEnvVars
        
        BrowserMatch "MSIE [2-5]" \
                 nokeepalive ssl-unclean-shutdown \
                 downgrade-1.0 force-response-1.0
    		
    
    

  • Similarly after taking a backup of C:\wamp\bin\apache\apache2.4.9\conf\extra\httpd-vhosts.conf file replace the code inside it with below one.

    
    
       DocumentRoot "c:/wamp/www/"
       ServerName localhost
       ServerAlias localhost
       
          #AllowOverride All
          #Require local
          #Allow from All
          #Require local
            Options Indexes FollowSymLinks MultiViews
            AllowOverride all
            Order Allow,Deny
            Allow from all
            Require local
       
    
    
    
       DocumentRoot "c:/wamp/www/project"
       ServerName project.localhost.com
       ServerAlias project.localhost.com
       
          AllowOverride All
          Require local
          Allow from All
          Require local
       
    
    

That's it. Now in your browser visit https://project.localhost.com. You'll get a security warning which is because we are usign the self signed certificate. If you are using Chrome browser then click on the advanced link at the bottom and then Proceed unsafe. You'll now see the website over https.

Join the discussion

  1. Avatar
    Russell says:

    Worked like a charm. Thanks!

  2. Avatar
    Chadwick Choate says:

    Excellent tutorial and your instructions are on point. I am a self-taught cgi engineer and webmaster who specialized in Perl early on, in 1997. As such, my field of knowledge must include a vast array of disciplines. I work on all major platforms and recently took up WAMP on Windows 10 to test my work (love it). When writing applications for the Web I do a great deal of work with MOD_REWRITE to enable advanced security features and to protect the paths visible in the browser. Since OpenSSL began to appear, I began to force redirect all http traffic to the https port. Before I started to install OpenSSL on the WAMP server, I researched a number of instructions and none worked. That is until I found your excellent tutorial. I have a near photographic memory and need only read material once. After I read your tutorial, I was able to configure WAMP within 5 minutes and it worked on the first run. You are great “OH MIGHTY ONE” and I very much appreciate your sharing your knowledge and experience with the world. It is people like you who brought me to where I am today. Thank you.

    Excellent tutorial and your instructions are on point. I am a self-taught cgi engineer and webmaster who specialized in Perl early on, in 1997. As such, my field of knowledge must include a vast array of disciplines. I work on all major platforms and recently took up WAMP on Windows 10 to test my work (love it). When writing applications for the Web I do a great deal of work with MOD_REWRITE to enable advanced security features and to protect the paths visible in the browser. Since OpenSSL began to appear, I began to force redirect all http traffic to the https port. Before I started to install OpenSSL on the WAMP server, I researched a number of instructions and none worked. That is until I found your excellent tutorial. I have a near photographic memory and need only read material once. After I read your tutorial, I was able to configure WAMP within 5 minutes and it worked on the first run. You are great “OH MIGHTY ONE” and I very much appreciate your sharing your knowledge and experience with the world. It is people like you who brought me to where I am today. Thank you.
    In answer to Robert’s post: simply create your virtual host from the homepage in WAMP. Be sure to verify each virtual host you create is present in the Windows host file (C:/WINDOWS/system32/drivers/etc/hosts). Once this has been achieved, simply open httpd-ssl.conf and add the virtual host you wish to use with the certificate you created. You can add as many virtual hosts as you please. I also advise you add the following lines to your .htaccess file in the root of each domain you add:

    Options +FollowSymlinks
    RewriteEngine on
    # Force HTTPS
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    # Remove www from URL
    RewriteCond %{HTTP_REFERER} !^https://www.YOURDOMAIN.com [NC]
    RewriteCond %{HTTP_REFERER} !^https://YOURDOMAIN.com [NC]

  3. Avatar
    peter says:

    hi.

    i’ve i little problem: i need to have into my wamp local installation two virtual hosts (one for siteA, and another for siteB).

    Basically i wish to have at the end something like https://siteA and https://siteB

    so, do I have to repeat all the procedure for each site?
    or there are other passages i have to do?

    thanks in advance for your reply!

    peter

  4. Avatar

    This did not work. I got

    “This site can’t be reached”

    THE FIX: You must add it to your “hosts” file….

    C:\Windows\System32\drivers\etc

    edit the “hosts” file (the one with no extension) to include:

    127.0.0.1 project.localhost.com
    ::1 project.localhost.com

    THEN IT WILL WORK!

    TIP: To edit the hosts file, click the windows start button, type “notepad” and then when you see the icon right-click and choose “Run as administrator” then from notepad navigate to C:\Windows\System32\drivers\etc and change “Text documents (*.txt)” to “All Files (*.*)” and then you can click on “hosts”

  5. Avatar
    CHIL says:

    Include conf/extra/httpd-ssl.conf, NOT Include conf/extra/httpd_ssl.conf

    Not working in my case, Apache is not starting + no error logs

  6. Avatar
    Chris says:

    Worked like a charm, thank you for this guide!

    There was one slight issue:
    Instead of Include conf/extra/httpd_ssl.conf
    its Include conf/extra/httpd-ssl.conf

  7. Avatar
    Tze Lei says:

    Hi, Robert! I just succeeded in adding a vhost w/ ssl support.

    You basically repeat the process that worked for your localhost private-key, certificate-signing-request, and certificate, EXCEPT the files you create will have filenames that reflect your vhost (instead of localhost).

    So, for each vhost that needs ssl, you’ll end up with separate .key, .csr, and .crt files unique to that particular vhost.

    Then, you just add a block for the vhost into your httpd-ssl.conf. (I’m assuming you already have the unsecure block already created in your httpd-vhosts.conf.)

    Hope this helps! 🙂

  8. Avatar
    Robert says:

    Thank you for the detailed description. I have been searching for a few days to find out if it is possible to generate one OpenSSL certificate to be used by WAMP that will cover all virtual hosts regardless of the virtual host names. I cannot find any statement saying such cannot be accomplished, but, I can’t find where it specifically says it can be done, and then how to do it.

Leave a Reply

Your email address will not be published. Required fields are marked *