An SSL certificate provides a secure connection between your website and the visitor’s browser. All data transmitted is encrypted and protected from eavesdropping and tampering. Wamp doesn’t come with it enabled out of the box, so here’s how to set it up. This article assumes you already have Wamp up and running. Enabling https in Wamp is a straightforward process. Here we go!
Setup the certificate
Using a self signed certificate is the easiest way to get set up locally.. The de-facto one to use is OpenSSL, which is free and can be downloaded from here: https://www.openssl.org/.
You probably want to download an installable binary, rather than do all the prerequisite build-yourself approach provided on their github. Especially if it’s just for local dev. In that case you can download the binary from one of the links at https://wiki.openssl.org/index.php/Binaries (whilst make a mental note of the disclaimers).
Open your command prompt and change to the directory where OpenSSL was installed. This should be something along the lines of: C:\OpenSSL\Bin on Windows.
Next, you’ll need to generate a private key. Run the following command:
openssl genpkey -algorithm RSA -out private.keyOnce you have the private key, you’ll need it to generate your certificate signing request (CSR). This is a file that wil contain information about your website and the domain name you want to secure. Not to relevant on a local test environment, but required anyway. So run this to generate your CSR:
openssl req -new -key private.key -out certificate.csrThe last step is to generate your actual self-signed certificate:
openssl x509 -req -days 365 -in certificate.csr -signkey private.key -out certificate.crtNow you’re ready to hook it up to your server! Keep in mind that a self-signed certificate is only suitable for testing purposes, as it will not be trusted by web browsers unless you install it on the client machines. If you want to secure your website for public use, it’s recommended you purchase an SSL certificate from a trusted authority.
Enabling HTTPS in Wamp/Xamp
To use this SSL, you’ll need to have the SSL module enabled in Apache. To do this, open your WAMP server and click on the Apache icon in the system tray. From there, click on Apache Modules, then select “ssl_module”.
The next step is to specify the location of your SSL certificate and configure some settings for the SSL protocol in the Apache configuration file (httpd.conf). Open this file using a text editor, and look for the virtual host entry that corresponds to your website. Here’s an example of what that entry might look like after you’ve added the SSL-related settings:
<VirtualHost *:443>
ServerName localhost
DocumentRoot "c:/wamp64/www"
SSLEngine on
SSLCertificateFile "c:/wamp64/bin/Apache24/conf/ssl/certificate.crt"
SSLCertificateKeyFile "c:/wamp64/bin/Apache24/conf/ssl/private.key"
</VirtualHost>In this example, we’re using the “ServerName” directive to specify the domain name associated with the virtual host, and the “DocumentRoot” directive to specify the location of the website files on the server. The “SSLEngine” directive is set to “on” to enable SSL for this virtual host, and the “SSLCertificateFile” and “SSLCertificateKeyFile” directives specify the locations of the certificate and private key files, respectively.
If you’re using multiple domains locally via a vhosts file, you can duplicate the code above and define http for each domain, eg: ServerName testdomain.local etc.
Once this is done, restart Apache. After saving the changes to the httpd.conf file, you’ll need to restart Apache for the changes to take effect. You can do this by clicking the WAMP icon in the system tray, then clicking “Restart All Services”.
That’s it! You should now be able to access your website using the “https” protocol, and your visitors will have a secure connection to your site. You can verify the SSL certificate by clicking on the padlock icon in the address bar of your web browser and checking the certificate details.