XAMPP: SSL Encrypt the Transmission of Passwords with https

July 15th, 2007

This article is part of a series of articles about making XAMPP more secure. See the overview page for all the security measures.

If you don’t have encryption enabled on a password protected folder, the password will be sent in cleartext – meaning that it can be seen by anyone using a network sniffer. It is a good idea to encrypt the transmission of these passwords. There are 2 steps to this process: first we need to create SSL certificates, and then we need to make sure that the password protected pages are only accessed with encryption. It’s also a good idea to import your certificates into any browsers on all machines that you plan to use to access your server; otherwise you’ll get a warning about an untrusted certificate authority.

Create SSL Certificate and Server Private Key

In order to enable the encryption of your password, you must create an SSL certificate (containing your public key) and a server private key. XAMPP provides a default certificate/key that can be used, but it is better to create a new one since the default key is available to anyone who downloads XAMPP. If someone knows your key, they can decrypt your packets.

XAMPP provides a batch file for creating a new certificate/key with random encryption keys. To execute this batch file, do the following:

  1. Open a command window (Start->Run, type “cmd” and press “OK”)
  2. cd c:\xampp\apache
  3. makecert

You will then see this:

C:\xampp\apache>newcert
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
............................++++++
.....................................++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:

Enter a pass phrase for decrypting your private server key, and press Enter. Nothing is displayed on the screen while you type. Write down this passphrase so you don’t forget it. Now you will be asked to verify it:

Verifying - Enter PEM pass phrase:

Enter your passphrase a second time and hit Enter. Now, you’ll see this:

-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:

Enter your 2 letter country code. You’ll be asked for a few more items (shown below). Enter what you think is most appropriate, but stop when you are asked for “Common Name”.

State or Province Name (full name) [Some-State]:NY
Locality Name (eg, city) []:New York
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Rob's Great Company
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:

For “Common Name”, you need to enter in the DNS name or IP address of your website. The name that you enter in here will need to match the server name that is entered into the browser that is accessing the page. It is important that this common name match the address that goes into a browser, otherwise you will get extra warnings when navigating to your secure web pages. If you are running this website over the public internet on an IP address that changes sometimes, you can use a Dynamic DNS service such as dyndns.org to get a free domain name that always points to your server. After you enter in the “Common Name”, you are asked for more information. Fill in what you think is appropriate, but it is OK to just hit ENTER to accept the defaults. Eventually, you will be asked for the pass phrase for privkey.pem:

Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Enter pass phrase for privkey.pem:

Enter the pass phrase that you created earlier, and now you will see this:

writing RSA key
Loading 'screen' into random state - done
Signature ok
subject=/C=xx/ST=xx/L=xxxx/O=xxx/CN=commonname
Getting Private key

-----
Das Zertifikat wurde erstellt.
The certificate was provided.

Press any key to continue . . .

C:\xampp\apache>

You are now finished creating your SSL certificate and private key. The makecert.bat script will move your server private key and certificates into the appropriate directories for you.

Import the certificate into the browser for each client

Since this certificate is self signed, and is not signed by a well known Certificate Authority (CA), when you browse to the protected pages you’ll get a warning. To turn off this warning, the certificate should be imported as a trusted CA into any browsers that you will use to access your server.

Importing the certificate into IE 7

Here are the steps to import the certificate into IE 7:

Tools->Internet Options
Content Tab->Certificates Button
Trusted Root Certification Authorities Tab->Import Button

Now you’ll see the “Certificate Import Wizard”
Click Next
Provide file name: c:\xampp\apache\conf\ssl.crt\server.crt
Click Next
Leave default to Place all Certificates in Certificate store: Trusted Root Certification Authorities, and click Next
Click Finish

Importing the certificate into Firefox 2

Here are the steps to import the certificate into Firefox 2:

Tools->Options
Advanced->Encryption Tab->View Certificates Button
Authorities Tab->Import Button
Select file: c:\xampp\apache\conf\ssl.crt\server.crt, and click “Open”
Check “Trust this CA to identify web sites”
Click “OK”
Click “OK” in Certificate manager
Click “OK” in the original Options window to get back into Firefox

Edit Apache config for encryption only access to password protected folders.

Now we will instruct Apache to allow access to the password protected folders with SSL encryption exclusively. This is done in 2 steps. First, we set up the Apache config files for these folders to say they can only be accessed with SSL encryption. Next, we redirect any “http” traffic to these pages to “https” (this is optional).

Make folders accessible with SSL encryption only

First, we need to tell Apache that the folders you want to protect should always use encryption (and never go in the clear). This is accomplished by putting an SSLRequireSSL directive inside each desired <Directory> section in the config files (it is OK to put it at the end, just before the </Directory>). The SSLRequireSSL line in the example below shows where it goes.

    Alias /web_folder_name "C:/xampp/foldername"
    <Directory "C:/xampp/foldername">
        ...
        ...
        SSLRequireSSL
    </Directory>

I suggest doing this for the following folders (if you still have them):

  • Config File: c:\xampp\apache\conf\extra\httpd-xampp.conf
    • c:\xampp\phpmyadmin
    • c:\xampp\htdocs\xampp
    • c:\xampp\webalizer
    • c:\xampp\security\htdocs
  • Config File: c:\xampp\webdav
    • c:\xampp\webdav
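
Checking every folder by hand is easy to get wrong, so here is an added Python example (not part of the original article or of XAMPP) that scans config text and lists the <Directory> blocks that can prompt for a password but lack SSLRequireSSL. The function names, the heuristic for "can prompt for a password" (AuthType, AuthUserFile, or AllowOverride AuthConfig/All) and the sample config are assumptions made for this example.

```python
import re

# Constructed sample in the style of httpd-xampp.conf (not a real XAMPP file).
SAMPLE_CONF = """
Alias /phpmyadmin "C:/xampp/phpMyAdmin/"
<Directory "C:/xampp/phpMyAdmin">
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
    SSLRequireSSL
</Directory>

Alias /webalizer "C:/xampp/webalizer/"
<Directory "C:/xampp/webalizer">
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
    # SSLRequireSSL
</Directory>

<Directory "C:/xampp/htdocs/xampp">
    AuthType Basic
    AuthName "xampp user"
    Require valid-user
</Directory>

<Directory "C:/xampp/htdocs/public">
    Order allow,deny
    Allow from all
</Directory>
"""

OPEN = re.compile(r'<Directory\s+"?([^">]+)"?\s*>', re.IGNORECASE)
CLOSE = re.compile(r'</Directory\s*>', re.IGNORECASE)


def parse_directory_blocks(conf_text):
    """Map each <Directory> path to its list of (directive, arguments) pairs."""
    blocks, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out directives have no effect
        opened = OPEN.match(line)
        if opened:
            current = opened.group(1).strip()
            blocks.setdefault(current, [])
        elif CLOSE.match(line):
            current = None
        elif current is not None:
            parts = line.split(None, 1)
            # Directive names are case-insensitive, so normalise them.
            blocks[current].append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return blocks


def may_ask_for_password(directives):
    """Heuristic (assumed here): auth configured directly, or allowed via .htaccess."""
    for name, args in directives:
        if name in ("authtype", "authuserfile"):
            return True
        if name == "allowoverride" and re.search(r"\b(authconfig|all)\b", args, re.IGNORECASE):
            return True
    return False


def audit(conf_text):
    """Return the <Directory> paths that may carry passwords but lack SSLRequireSSL."""
    findings = []
    for path, directives in parse_directory_blocks(conf_text).items():
        names = {name for name, _ in directives}
        if may_ask_for_password(directives) and "sslrequiressl" not in names:
            findings.append(path)
    return findings


if __name__ == "__main__":
    for path in audit(SAMPLE_CONF):
        print("missing SSLRequireSSL:", path)
```

To check a real file, pass its contents to `audit()` instead of `SAMPLE_CONF`.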

Redirect “http” to “https” for certain folders

This next optional step is to redirect “http” requests to “https” requests for the pages we want to secure. This is more user friendly and allows you to still use http when you type in the address (and automatically switch to https:// and encryption). If you don’t do this, and you used SSLRequireSSL, you will only be able to access these pages by typing https://. This is fine and probably a little bit more secure, but is not so user friendly. To accomplish the redirection, we will use mod_rewrite so that we don’t have to use the server name in this part of the config file. This keeps the number of places in the config files where the server name is written small (making your config files more maintainable).

First, we need to make sure that mod_rewrite is enabled. To do this, edit c:\xampp\apache\conf\httpd.conf and get rid of the comment (# character) in this line:

#LoadModule rewrite_module modules/mod_rewrite.so

to make it look like this:

LoadModule rewrite_module modules/mod_rewrite.so

Now, paste the following text into the top of c:\xampp\apache\conf\extra\httpd-xampp.conf:

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Redirect /xampp folder to https
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} xampp
    RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]

    # Redirect /phpMyAdmin folder to https
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} phpmyadmin
    RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]

    # Redirect /security folder to https
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} security
    RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]

    # Redirect /webalizer folder to https
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} webalizer
    RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
</IfModule>

If you have other folders you want to redirect to https://, add the generic text below (but substitute your folder name):

    # Redirect /folder_name folder to https
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} folder_name
    RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]

If you are going to host a webdav server, it is probably best to not have this redirection and to just require https://. This way, people can only use https:// when addressing your webdav folder. I tried using redirection for a webdav server and giving http:// in both XP and MAC OS X, and it didn’t work when encryption is required.

One thing to keep in mind with this redirection is that if you have virtual hosts, you need to place the redirection code (with the RewriteCond and RewriteRule) inside of your virtual host declarations, otherwise the redirection won’t work.
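
How the RewriteCond lines above match can be checked offline. The Python model below is an added example, not the article's or Apache's code: it treats each %{REQUEST_URI} condition the way mod_rewrite does, as an unanchored regular expression that is case-sensitive unless [NC] is given, and compares the article's rules with an anchored variant that is an assumption of this example. The host name example.test and the request paths are constructed.

```python
import re

# Two of the article's redirect rule groups, copied from the page.
ARTICLE_RULES = """
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} xampp
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]

RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} phpmyadmin
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
"""

# Assumed stricter variant (not from the article): anchored to the folder, [NC] ignores case.
ANCHORED_RULES = """
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} ^/xampp(/|$) [NC]
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]

RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} ^/phpmyadmin(/|$) [NC]
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
"""

COND = re.compile(r"^RewriteCond\s+%\{REQUEST_URI\}\s+(\S+)(?:\s+\[([^\]]*)\])?\s*$")


def uri_conditions(rules_text):
    """Compile every REQUEST_URI condition pattern, honouring the [NC] flag."""
    conditions = []
    for line in rules_text.splitlines():
        match = COND.match(line.strip())
        if match:
            flags = (match.group(2) or "").upper().split(",")
            conditions.append(re.compile(match.group(1), re.IGNORECASE if "NC" in flags else 0))
    return conditions


def redirect_for(rules_text, https_on, server_name, uri):
    """Return the redirect Location the rules produce, or None if the request passes through."""
    if https_on:
        return None  # RewriteCond %{HTTPS} !=on is false, so no rule group applies
    for condition in uri_conditions(rules_text):
        if condition.search(uri):  # unanchored: matches anywhere in the path
            return "https://" + server_name + uri  # ^(.*) puts the whole path in $1
    return None


if __name__ == "__main__":
    for path in ["/xampp/index.php", "/blog/xampp-notes.html", "/XAMPP/index.php"]:
        print(path,
              "| article rules:", redirect_for(ARTICLE_RULES, False, "example.test", path),
              "| anchored rules:", redirect_for(ANCHORED_RULES, False, "example.test", path))
```

With the article's patterns, any path that merely contains the folder name is redirected, and a path that differs only in case is not. The redirect is a convenience; SSLRequireSSL from the previous section is what refuses plain http.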

75 Comments

  1. Rob Oudendijk on 01 Nov 2007 at 12:11 am

    Your article about the SSL certificate on Xampp saved my day.

    thanks
    regards Rob Oudendijk

  2. sherif sakr on 05 Dec 2007 at 3:19 am

    Great thank you very much.

  3. FeArX on 17 Dec 2007 at 8:15 pm

    Hey! This is a great tutorial! =D Can you make one like this but using other certification authorities? like Verisign? Thanks

  4. areen on 31 Mar 2008 at 8:07 am

    Wow! That was a really great tutorial after all!

    thank u..
    ngeee:D

  5. Hung Dinh on 24 Apr 2008 at 11:29 am

    this is a very useful article. Thank you. I solve my problem for class project.

  6. Daniel on 01 May 2008 at 12:59 am

    Excellent article! Just what I wanted to know.

  7. Ivo Roper on 13 May 2008 at 7:21 pm

    Thank you Rob! Another note, folks will likely also want to change entries in apache/conf/extra/httpd-ssl.conf to reflect your domain, server root, folder permissions and so forth.

  8. Nathan Loding on 10 Jun 2008 at 10:11 am

    Thank you for the article. This helped me immensely — I have set up HTTPS and certs on an IIS machine, but never with Apache. Thanks.

  9. Chris on 02 Jul 2008 at 6:22 pm

    You’re a freaking XAMPP king. Many thanks. Seconding the third party / verisign comment from above.

  10. pdev on 05 Oct 2008 at 1:14 pm

    I am under your spell!
    Doing technical documentation myself for over 20 years, I have an eye for errors or docs that tend to over explain. Not true here!!!!
    You obviously know the topic above and beyond any other resource I have been able to find on the net.
    Being a Windows whore for many years, I’m slowly making the leap to Apache in hopes of hosting my own domain.

    You’re doing the work for me and at the same time, demonstrating in a way that makes it stick in my head.

    All I can say is WOW and Thanks a million times for your efforts.

  11. whoami on 28 Oct 2008 at 5:22 am

    thanks a lot. Without you my database could’ve been spoilt by irresponsible peeps. cheers :)

  12. Matthew on 09 Nov 2008 at 8:55 am

    Hi there! This is a great tutorial, but I’ve got a bug in my system & I was hoping someone can tell me how to fix it. I’m currently using XAMPP-win32 version 1.6.8 & my problem is that after running the makecert command I’m unable to type anything when requested for the pass phrase & as a result I can’t proceed. Can anyone help me out with this?

  13. Matt on 10 Nov 2008 at 12:17 am

    Thank you!

  14. jan on 22 Nov 2008 at 5:27 pm

    Thank you – great explanation

  15. arif eko on 24 Nov 2008 at 6:07 am

    thanks, it’s useful

  16. Hieu Han on 24 Nov 2008 at 11:21 pm

    Many thanks. How I love your tutorial how I love internet…

  17. Jan Michael Yap on 26 Nov 2008 at 3:48 am

    Thank you Mr. Rob

  18. confused on 08 Dec 2008 at 10:56 am

    I don’t get which pass phrase gets revealed to others and which stays private?? I don’t understand! all I want is for https:// to work why do they make it so difficult? Where is config file? Where do I add this stuff? When I follow directions it doesn’t work then I go to my site and it says forbidden!

  19. ssl certificate with IE browser on 15 Dec 2008 at 9:05 pm

    I already did your steps. I got success with the Firefox browser, but with the IE browser it doesn’t work. Can you tell me details about this?

    chhivhorng

  20. bp on 15 Jan 2009 at 2:50 am

    why this step by step, not work with URL with other 80 port ??
    please

  21. Anupam Gupta on 26 Jan 2009 at 6:52 am

    Thank you sir,

    that was really helpful,

  22. Carmen on 04 Feb 2009 at 10:29 am

    Your tutorial is simply the best I could find in all the web.
    I didn’t understand the last point…
    “One thing to keep in mind with this redirection is that if you have virtual hosts, you need to place the redirection code (with the RewriteCond and RewriteRule) inside of your virtual host declarations, otherwise the redirection won’t work.”
    How can I place the redirection code in my host declaration? Where is my host declaration? Because my redirections seem not to work… Thank you

  23. Neven on 12 Mar 2009 at 11:31 am

    Hello!
    First, i’d like to thank the author for this article, it’s absolutely great and helpful.

    But i have one question regarding SSL Certificates.

    Does anybody know how to automatically install certificate from server, so i don’t need to manually import it on every browser?
    For example, i am building Adobe Flex application, and i am not getting any warnings for untrusted certificate authority.. of course, my application doesn’t work without imported certificate in used browser.

    I appreciate any help.

  24. faardeen on 18 Mar 2009 at 10:34 am

    it’s not working for me

    the error is as below:

    Secure Connection Failed

    localhost uses an invalid security certificate.

    The certificate is not trusted because it is self signed.
    The certificate expired on 12/4/2006 7:11 AM.

    (Error code: sec_error_expired_issuer_certificate)

    * This could be a problem with the server’s configuration, or it could be someone trying to impersonate the server.

    * If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.

    Or you can add an exception…

  25. René on 31 Mar 2009 at 7:32 am

    This was SO helpful … THX!
    One question; my vhost dir ‘manager’ (http) redirects to vhost dir ‘manager.ssl’ (https). What does the mod rewrite look like in my case?

  26. soft on 05 Apr 2009 at 9:00 am

    Hi ppl :) can some one plz help me? i’am stuck at: Edit Apache config for encryption only access to password protected folders. all the other stuff is done. have i done this right or not.. it does not use https now :/ here is my httpd-xampp.

    RewriteEngine On

    # Redirect /xampp folder to https
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} xampp
    RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]

    # Redirect /phpMyAdmin folder to https
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} phpmyadmin
    RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]

    # Redirect /security folder to https
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} security
    RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]

    # Redirect /webalizer folder to https
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} webalizer
    RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]

    # XAMPP settings
    #

    #ScriptAlias /php/ “C:/xampp/php/”
    #Action application/x-httpd-php “/php/php-cgi.exe”
    LoadModule php5_module “C:/xampp/apache/bin/php5apache2.dll”
    AddType application/x-httpd-php-source .phps
    AddType application/x-httpd-php .php .php5 .php4 .php3 .phtml

    php_admin_flag safe_mode off



    SSLRequireSSL

    Alias /security “C:/xampp/security/htdocs/”

    php_admin_flag safe_mode off

    AllowOverride AuthConfig
    Order allow,deny
    Allow from all



    SSLRequireSSL

    Alias /phpmyadmin “C:/xampp/phpMyAdmin/”

    AllowOverride AuthConfig
    Order allow,deny
    Allow from all



    SSLRequireSSL

    Alias /webalizer “C:/xampp/webalizer/”

    php_admin_flag safe_mode off

    AllowOverride AuthConfig
    Order allow,deny
    Allow from all



    SSLRequireSSL

    Alias /contrib “C:/xampp/contrib/”

    php_admin_flag safe_mode off

    AllowOverride AuthConfig
    Order allow,deny
    Allow from all



    SSLRequireSSL

    # Access restriction via Remote

    AllowOverride All
    AuthType Basic
    AuthName “AUTH REMOTE TEST”
    AuthRemoteServer localhost
    AuthRemotePort 80
    AuthRemoteURL /forbidden/
    Require valid-user
    #User: user / Password: pass



    SSLRequireSSL

    # Access restriction via MySQL

    AuthMySQLEnable On
    AuthName “MySQL Secured Place”
    AuthType Basic
    require valid-user
    AuthMySQLHost localhost
    AuthMySQLUser root
    # AuthMySQLPassword
    AuthMySQLDB webauth
    AuthMySQLUserTable user_pwd
    AuthMySQLNameField name
    AuthMySQLPasswordField pass
    AuthMySQLPwEncryption none

  27. rahil on 07 May 2009 at 6:38 am

    Thank you very much…

    it is great post it works fine in all browser

  28. Fremah on 13 May 2009 at 1:39 pm

    Great Post. Worked Perfectly! Thank you so much Rob

  29. Jeed on 14 May 2009 at 1:58 pm

    Thank you! Great post

  30. triki on 24 May 2009 at 4:59 pm

    great post ,thank you.

  31. Anand on 19 Jun 2009 at 11:03 am

    Very useful little guide. Thank u so much

  32. Ali on 11 Jul 2009 at 6:31 am

    Thank you for precious guide

  33. Luis Rivera on 04 Aug 2009 at 12:05 pm

    Thank you very much…!!! It is a great post and it works fine. I’d like to know if the certification file register step (on the client side) may be automatic.

  34. imam on 05 Sep 2009 at 1:06 am

    Thanks so much mr rob this information very ..good

  35. TM on 16 Sep 2009 at 3:05 am

    Nice understandable post. It works!

  36. Forbidden Problem Solved on 16 Sep 2009 at 4:08 am

    Quote from another forum:

    “Well, I have solved the above problem just after posting the thread !

    The indication was in “Tue Dec 11 12:02:55 2007] [error] [client 10.96.10.10] client denied by server configuration: /usr/local/apache2/htdocs/”

    I did not know that SSL needs separate DocumentRoot setting in httpd-ssl.conf ! When I change it from /usr/local/apache2/htdocs/ to /home/web/homepage, it works perfectly !

    Now I have a second related question to ask. I want to serve a few folders (e.g. webmail) ONLY under https, and NOT http. How do I achieve that ?”

    In summary change the document root in httpd-ssl.conf to the one in the httpd.conf too.

  37. Basil on 25 Sep 2009 at 9:50 am

    Fantastic Rob. Thank you.

  38. Iully on 16 Oct 2009 at 2:03 am

    I’ve followed this step but it doesn’t work :( . When I access my site from another computer I have just an attention message. How could I lock site access from other computers using the new certificate?

    Many thanks,

  39. No malas on 29 Oct 2009 at 5:42 am

    Thanks! Your page is awesome!

  40. cindy on 11 Nov 2009 at 11:22 am

    your tutorials are really awesome, but i can’t make the ssl certificate due to some unknown reason. I can’t enter the PEM password in the beginning, the characters simply won’t input. I tried several times, restarted everything but nothing seems to change….

  41. philip on 20 Nov 2009 at 8:34 am

    Cindy, just type in your password, you won’t see the characters, but your password will be inputted!

  42. hdlk on 12 Dec 2009 at 2:35 am

    Could any one explain to me how to secure folder inside htdoc because i tried many times but it does not work especially when i use SSLRequireSSL

    Thank you

  43. [...] Need to create a HTTPS site from home.. this is how to change the password in xampp XAMPP: SSL Encrypt the Transmission of Passwords with https __________________ Guns don’t kill people, people kill [...]

  44. Doan minh giang on 09 Jan 2010 at 9:50 pm

    Thanks a lot!

  45. Chairline on 12 Jan 2010 at 2:58 pm

    Hi,

    The xampp successfully works and I have done all those configuration except the “SSL”. When I click Start- run – cmd the c:\xampp\apache did not show, instead c:\Documents and Setting\myname

    Pls. advise. thanks
    Did I miss something? Pls help. I am a newbie.

  46. bangjampang on 25 Jan 2010 at 1:00 am

    hi bro, i just tried your tutorial and it works fine for me, so i just want to say a lot of big thanks for your tutorial. you have saved my time bro, thanks bro keep up the good work thanks

  47. Roberto Rdguez Glez on 03 Feb 2010 at 9:41 am

    Hello, this article is truly wonderful. Thanks for everything; I had been looking for something like this for a long time and it worked perfectly for me, but I have a problem.
    When I follow all the steps the server generates one SSL certificate for one site; I would like to generate one for each site.
    If you can help me I would appreciate it.
    Regards

  48. aries on 08 Feb 2010 at 4:52 am

    Hello everybody, I am setting up a development environment using XAMPP 1.7.3 on Windows 7 for my school project. I have already created a self signed CA, Server and Client certificates and installed the same to IE and Firefox. The CA and Server certificates are working fine. The problem is when I activate the client certificates:
    SSLVerifyClient require
    SSLVerifyDepth 2)
    I get the following error messages:
    Secure Connection Failed
    An error occurred during a connection to http://www.buwbcs.com.
    SSL peer was unable to negotiate an acceptable set of security parameters.
    (Error code: ssl_error_handshake_failure_alert)
    What is the possible reason for this error?
    IE displays the list of client certificates to select from but Firefox does not.

    My httpd.ssl.cnf configuration is as follows:

    Listen 443

    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl

    SSLPassPhraseDialog builtin
    SSLSessionCache “dbm:logs/ssl.scache”
    SSLSessionCacheTimeout 300
    SSLMutex default

    DocumentRoot “/project/htdocs”
    ServerName http://www.buwbcs.com:443
    ServerAdmin webmaster@buwbcs.com
    ErrorLog “logs/error.log”

    CustomLog “logs/access.log” combined

    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile “conf/ssl.SERVER/bu_SERVER.crt”
    SSLCertificateKeyFile “conf/ssl.SERVER/bu_SERVER.key”
    SSLCertificateChainFile “conf/ssl.CA/bu_CA.crt”
    SSLCACertificatePath “conf/ssl.CA”
    SSLCACertificateFile “conf/ssl.CA/bu_CA.crt”

    SSLVerifyClient require
    SSLVerifyDepth 2

    SSLOptions +StdEnvVars

    SSLOptions +StdEnvVars

    BrowserMatch “.*MSIE.*” nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    CustomLog “logs/ssl_request.log” “%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \”%r\” %b”

    Any help in analyzing these and ideas to solve this problem will be highly appreciated.

    Thank you in advance.

    Aries

  49. charis on 04 Mar 2010 at 7:29 pm

    thank you so much!

  50. stiffree on 10 Mar 2010 at 4:34 pm

    So good! Thanks a lot!

  51. tc on 19 May 2010 at 1:33 am

    Thanks for the tut.
    I think the fact that the pass phrase doesn’t get displayed on the cmd line should be clearly stated.

    Cheers

  52. tc on 19 May 2010 at 1:34 am

    ##Thanks for the tut.
    I think the fact that the pass phrase doesn’t get displayed on the cmd line should be clearly stated.

    Cheers

  53. angelo55 on 05 Jun 2010 at 12:46 pm

    This is a very very good article!!!. Thank you.

  54. Jon on 23 Jul 2010 at 4:06 pm

    This is a really good guide, wayyyyy impressed, but i’m stuck at “Edit apache config for encryption only access” part.

    What directory and file name in apache do we edit? Is it /conf/httpd.conf ?
    and whats the
    Alias /web_folder command do ?

  55. dcesar on 24 Jul 2010 at 11:36 pm

    amazing, thank you a lot!!!

  56. Mohamed Dawaina Sulaiman on 27 Jul 2010 at 7:21 am

    Help how to create a simple OCSP server?

  57. Peppi on 03 Sep 2010 at 3:18 am

    Ok for all of you that were getting blank pages, remember that you are moving from http to https and therefore are moving from port 80 to port 443 if you are doing this on a home server make sure you port forward all requests on port 443 to your server or your routers firewall will block it. Oh you’ll also have to open a port on the windows firewall if you are even using it. Hope this helped someone out there.

  58. ariden on 08 Sep 2010 at 8:55 am

    Thanks for this great tutorial :)

  59. Adan on 20 Sep 2010 at 1:43 pm

    How to create new SSL certificate????I want to replace old one.

  60. [...] did the configuration changes as suggested by: http://robsnotebook.com/xampp-ssl-encrypt-passwords and it seems like working fine. But still when I type in with my servername.com it redirects to [...]

  61. afzar on 04 Jan 2011 at 9:50 pm

    How do i reset my localhost rootuser username and password. I cannot remember it and lost the paperwork!! Please help!!

  62. Ian on 04 Mar 2011 at 8:14 pm

    Works exactly as documented in this post. Brilliant!

  63. slow on 15 Mar 2011 at 4:55 pm

    Hi. When i try to Create SSL Certificate and Server Private Key I get this error:

    x:\Documents and Settings\xxxx>E:\xampp\apache\makecert.bat
    The system cannot find the path specified.
    The system cannot find the path specified.
    The system cannot find the path specified.
    Could Not Find C:\Documents and Settings\xxxx\.rnd
    Could Not Find C:\Documents and Settings\xxxx\privkey.pem
    Could Not Find C:\Documents and Settings\xxxx\server.csr
    The system cannot find the file specified.
    The system cannot find the file specified.

    -----
    Das Zertifikat wurde erstellt.
    The certificate was provided.

    Press any key to continue . . .
    >>

    Doing this:
    Run, type “cmd” and press “OK)
    cd c:\xampp\apache
    makecert
    >>
    does nothing…I replaced the “c” with “e”…
    Any idea?
    Thanks.

  64. OSCAR on 29 Mar 2011 at 11:04 pm

    Thanks for your tutorial, it is very good

  65. Anan on 17 May 2011 at 5:24 am

    Great Job

  66. Jon on 11 Jun 2011 at 10:57 am

    It works ok for me until the last step. When I start the batch file, privkey.pem appears in c:\xampp and the when I type the last pass phrase, it disappears. I did a search of the whole xampp folder tree and no pem files !

    The tutorial says the makecert.bat script will move your server private key and certificates in the appropriate directories but what are the appropriate directories. They are not in the xampp path for sure !

  67. Andrea on 29 Jun 2011 at 2:13 am

    fantastic, work it with apache2 .X on xampp
    thanks

  68. Kostis on 03 Jul 2011 at 5:49 pm

    Great post. Really useful and accurate. However, I have a problem. When I open my index page, it opens in http. When I go to login form, it opens with https. The problem is that after that, when I return to the home page, the https remains. If someone can propose something, I would appreciate it. THANK YOU. Congratulations again.

  69. nikki on 19 Sep 2011 at 3:53 am

    Hello,
    I am trying to redirect “http” to “https”. I successfully followed the steps to create SSL Certificate as per this website:
    However, it seems that it didn’t work. I am still getting the following error messages:
    For IE browser:
    There is a problem with this website’s security certificate.
    The security certificate presented by this website was not issued by a trusted certificate authority.
    The security certificate presented by this website was issued for a different website’s address.

    For Firefox browser:
    This web site does not supply ownership information .

    Do I need to buy SSL Certificates?
    Appreciate your suggestions.

    Thanks.

  70. nikki on 19 Sep 2011 at 3:56 am

    Hello,
    I am trying to redirect “http” to “https”. I successfully followed the steps to create SSL Certificate as per this website:
    However, it seems that it didn’t work. I am still getting the following error messages:
    For IE browser:
    There is a problem with this website’s security certificate.
    The security certificate presented by this website was not issued by a trusted certificate authority.
    The security certificate presented by this website was issued for a different website’s address.

    For Firefox browser:
    This web site does not supply ownership information .

    Do I need to buy SSL Certificates?
    Appreciate your suggestions.

    Thanks.

  71. MYH on 08 Oct 2011 at 7:07 pm

    Great tutorial! Thanks.

  72. marcos on 09 Jun 2012 at 9:16 pm

    The best tutorial ever!!… You saved my assss!!!!!!!

  73. satyam on 23 Jun 2012 at 5:15 pm

    Every tutorial of yours is so easy to understand and simply great..keep it up and god bless you!!

  74. sc on 07 Aug 2012 at 6:11 am

    Reply to Nikki:
    cert is different from web page.
    it didn’t work to use “reload” button.
    u need to close web browser and open a new one.

  75. sc on 07 Aug 2012 at 6:14 am

    reply to slow:
    ur path did not change to e: successfully.
