I had the problem that when I typed "localhost", it redirected me to the page I was creating. I solved it by removing the ":80": resulting in I didn't modify the ":443".
I'm trying to learn how to do this on an Ubuntu virtual machine but I know this video is not far away. I'm learning about the .htaccess file so this is real helpful!
Nice video and this works on my local computer! I want to ask about what should I put on the url if I want to run my program on mobile browser? Thank you!
Glad to hear that! 💜 If your mobile phone and the computer running localhost are on the same network, you should install the SSL certificate on your mobile phone as well so that the browser recognizes it. Unfortunately, I don't have a step-by-step guide for this specific case.
After installing the SSL certificate on mobile phone, do I use the IP address on the mobile browser to access my program without the "Not secure" error? Thanks again!
great work @neutron thanks bro , please i have one question I applied it to the same computer and it works fine, but when I try to access my local site from another device local , HTTPS it doesn't work. Why please help me ?
Hey! When you try to access your local site from another device on the network, it doesn't work because the certificate is self-signed and not issued by a trusted Certificate Authority (CA). To allow other devices on the network to accept it, you need to add the self-signed certificate to the trust store of each device you're trying to access the local site from. For Linux devices, you'll need to export the certificate file (.crt) to the '/usr/local/share/ca-certificates/' directory and then run the 'update-ca-certificates' command. For Windows and macOS devices, it's best to search online for a step-by-step guide, as the process can be quite lengthy.
@@tarekdhl6446 If you're referring to the .crt file, you can find it in the 'xampp\apache\conf\ssl.crt' directory and the name of the file should be 'server.crt'
@@NeutronDev i referring point to this "you need to add the self-signed certificate to the trust store of each device you're trying to access the local site from" Where can I get it? for https local in anothes user local network
thanks , its very usefully video, i have small issue, i installed the certificate in windows server and its work successfully from inside the server, but when i open the website from outside I got (the website is not secure) error and red color on https protocol on URL, but the website is work fine
Hey! The certificate must not be used on the internet, only on the local machine. That's because it's a self signed certificate and it's not recognized by any authority.
not work for me bat file listen this error The system cannot find the path specified. The system cannot find the path specified. The system cannot find the path specified. Could Not Find C:\Windows\system32\.rnd Could Not Find C:\Windows\system32\privkey.pem Could Not Find C:\Windows\system32\server.csr The system cannot find the file specified. The system cannot find the file specified. ----- Das Zertifikat wurde erstellt. The certificate was provided. Press any key to continue . . .
The makecert.bat file is trying to remove the '.rnd', 'privkey.pem' and 'server.csr' from the current directory but it seems that in your case the current directory is 'C:\Windows\system32'. Where are you running the makecert.bat from? 'System32'?
I got an issue issue: apache shutdown unexpectedly. This may be due to a blocked port, missing dependencies, improper privileges, a crash, or a shutdown by another method. Press the Logs button to view error logs and check the Windows Event Viewer for more clues If you need more help, copy and post this entire log window on the forums.
@NeutronDev my 443 port is being used by another process that why I change my port to 8443 but when I changed my port 8443 than ssl certificate not working
Hey! By default, the passwords are not shown in the command line. However, in the video I said I chose "neutron" as the PEM pass phrase. You can choose whatever password you want. Hope this helps! 💜
Though there are good bits of the video I got very confused as the code did not work for me, and this is not helped by the infinite way that other sites have different openssl code to generate the certs, and the variety of unexplained options. When I ran it privkey was not there. I noticed this key is deleted at the end of the script also. However I confirmed that the file is generated by running the 1st line below and the code below worked. The -nodes is required to stop it forcing a Passphrase. On open -genrsa removal of -des3 creates it where no passphrase is necessary. Waste a lot of time on badly documented ssl and missed out discussion of code by lots of videos. THIS video may help understanding of SSL. th-cam.com/video/T4Df5_cojAs/w-d-xo.html Modified code run in an empty directory to move the files later: openssl req -new -nodes -out server_req_privatekey.csr openssl rsa -in privkey.pem -out server_priv_key.pem openssl x509 -in server_req_privatekey.csr -out server_signed.crt -req -signkey server_priv_key.pem -days 3650 Other code: openssl req -x509 -nodes -newkey rsa:4096 -days 3650 -keyout ca-priv_key.pem -out ca_pub_key.pem openssl req -nodes -newkey rsa:4096 -days 3650 -keyout server_priv_key.pem -out server_pub_req.csr openssl x509 -req -in server_pub_req.csr -CA ca-pub_key.pem -CAkey ca-priv_key.pem -days 3650 -Cacreateserial -out server_signed_cert.crt Code 3: openssl genrsa -out server_priv_key.pem 4096 openssl req -new -key server_priv_key.pem -sha256 -out server_req.csr openssl x5099 -req -days 350 -in server_req.csr -signkey server_priv_key.pem -sha256 -out server_signed.crt (modify 1st for passphrase openssl genrsa -des3 -out server_priv_key.pem 4096) When asked Copilot things about this code: That’s a good question. The reason why there is no -key option in the first command is that it generates a new private key along with the CSR, and saves it in the same file as the CSR1. This is the default behavior of openssl req -new when no -key option is specified2. However, this is not recommended, because it means that the private key is not separated from the CSR, and may be exposed to others when the CSR is submitted to the CA. It also makes it harder to reuse the same private key for other purposes3.
Quick question: are you trying to set up SSL for the open internet? If so, this is not the right tutorial for that job 😅 This tutorial is meant to be used only for setting up SSL for localhost.
@NeutronDev No I was moving my site and subdomains from the internet to home as it was peronal use and I was paying unnecessary charges. I was wanting to use Xammp and potentially make it available on the local network. I found your video really good in many aspects including the use of the vhosts file. Please advise is the v3.ext necessary and what does it do? I wasted time initially trying to use oppenssl from a git installation as suggested by some (failed) before going to the compiled binary. I wanted to understand what I was actually doing with openssl as different videos had different code. The openssl help (on a windows install). was not helpful once installed in trying to understand basic functioning I think that there is so much flexibility with openssl and without knowing what was going on it got confusing. The use of different code in 3 different examples, the use of a CA in some and not others, different endings of files, -new -key vs -newkey vs -new , reversed -req x509 and -x509 req, and case sensitivity non-functioning -CAKEY and -CAkey, which was private and public key, the issues of being forced to enter a passphrase else getting errors and how to avoid it. I eventually asked CoPilot questions which helped. My entering the code above, was put in not out of disrespect but to show different options of code that produced keys and make it clear which are public and which are private keys also. I am still not clear on why openssl seems to have so many commands, but will be happy if the few recipes used which do generate keys work. I have not yet migrated the sites (main and a few subdomains) but hope it works
e@NeutronDev Could you possibly help with the following. Is it likely to be due to the certificate or could it be that I moved the xammp folder to a different drive and tried to run the control panel. " [Apache] Error: Apache shutdown unexpectedly. 19:12:44 [Apache] This may be due to a blocked port, missing dependencies, 19:12:44 [Apache] improper privileges, a crash, or a shutdown by another method. 19:12:44 [Apache] Press the Logs button to view error logs and check 19:12:44 [Apache] the Windows Event Viewer for more clues 19:12:44 [Apache] If you need more help, copy and post this 19:12:44 [Apache] entire log window on the forums" I am using this format of vhosts (ZZwebsite) ## ## ServerAdmin webmaster@ZZ ## DocumentRoot "/xampp/htdocs/ZZ" ## ServerName ZZ ## ServerAlias www.ZZ ## ErrorLog "logs/ZZ-error.log" ## CustomLog "logs/ZZ-access.log" common ## ## ## ServerAdmin webmaster@ZZ ## DocumentRoot "/xampp/htdocs/ZZ" ## ServerName ZZ ## ServerAlias www.ZZ ## ErrorLog "logs/ZZ-error.log" ## CustomLog "logs/ZZ-access.log" common ## SSLCertificateFile "conf/ZZ/server.crt" ## SSLCertificateKeyFile "conf/ZZ/priv_server.key" ##
It would be appreciated. Thanks. I did manage to get the apache server running by going to an installed version of the same 3.30 control panel and using httpd -t from the bin folder and correcting errors. However, I get browser errors. I commented out the rewrite engine and the site worked with http, but not https "This site can’t provide a secure connection to que*.co.uk sent an invalid response. Try running Windows Network Diagnostics. ERR_SSL_PROTOCOL_ERROR" I have separate site specific website cert folders which I match in the vhosts conf file. I use your makecert.bat and move the server keys to that folder after generated from the mentioned ssl folders. The log folder said [Sun Feb 11 17:52:43.017197 2024] [ssl:warn] [pid 19424:tid 428] AH01909: qu***.co.uk:80:0 server certificate does NOT include an ID which matches the server name I retried it with your website name to make everything the same, this time moving the certificates which caused errors with example.com ssl certs in the httpd-ssl.conf. I commented out the example.com in httpd-ssl.conf (as I had moved the certs causing an error) and restarted apache. However I get the same sort of error. I tried edge and chrome This site can’t provide a secure connection to localvaren.com sent an invalid response. Try running Windows Network Diagnostics. ERR_SSL_PROTO@@NeutronDev
You just helped me solve a problem I was dealing with for a week. Thank you so much worked perfectly!
Awesome 💜
Excellent Work - this is the best tutorial I have found, and works perfectly! Many thanks.
Happy you found it helpful 💜
Thank you very much! Guided by your excellent tutorial video I managed to install ssl on a portable XamPP.😊😊
Happy to hear that 💜
Danke!
Freut mich, dass es dir geholfen hat, und vielen Dank für deine Unterstützung! 💜
Thank you very much!
I tried several solutions, but that was the only one that worked.
Awesome 💜
Great tutorial. I subscribed as your expertise is vastly superior. I wish you the very best.
Thanks for the sub! I'm glad you found the tutorial helpful 💜
➡ Copy the code: gist.github.com/Tynael/d3a647c71bb00f0442590e6d91285a4e
📝 Article: neutrondev.com/how-to-set-up-ssl-certificate-localhost-xampp/
I had the problem that when I typed "localhost", it redirected me to the page I was creating.
I solved it by removing the ":80":
resulting in
I didn't modify the ":443".
I'm trying to learn how to do this on an Ubuntu virtual machine but I know this video is not far away. I'm learning about the .htaccess file so this is real helpful!
Awesome! 💜
Keep it up and let me know if you have any questions!
Nice video and this works on my local computer! I want to ask about what should I put on the url if I want to run my program on mobile browser? Thank you!
Glad to hear that! 💜
If your mobile phone and the computer running localhost are on the same network, you should install the SSL certificate on your mobile phone as well so that the browser recognizes it. Unfortunately, I don't have a step-by-step guide for this specific case.
After installing the SSL certificate on mobile phone, do I use the IP address on the mobile browser to access my program without the "Not secure" error? Thanks again!
@@johnlyod4444 Yes, you would have to use the local IP address (given by the local network) of the machine that's hosting the server.
It works. Thanks you.
Awesome! You're welcome 💜
Thank you so much man you're a life saver
Happy to help 💜
Very helpful video! Thanks!
Glad you found it helpful 💜
Can i do this but without an domain with an public ip?
This is only for the local environment, so yes.
great work @neutron thanks bro , please i have one question I applied it to the same computer and it works fine, but when I try to access my local site from another device local , HTTPS it doesn't work. Why please help me ?
Hey!
When you try to access your local site from another device on the network, it doesn't work because the certificate is self-signed and not issued by a trusted Certificate Authority (CA). To allow other devices on the network to accept it, you need to add the self-signed certificate to the trust store of each device you're trying to access the local site from.
For Linux devices, you'll need to export the certificate file (.crt) to the '/usr/local/share/ca-certificates/' directory and then run the 'update-ca-certificates' command. For Windows and macOS devices, it's best to search online for a step-by-step guide, as the process can be quite lengthy.
@@NeutronDev Thanks bro Where can I get it and is it possible to get it on it ?? Does he have a specific name ?
@@tarekdhl6446 If you're referring to the .crt file, you can find it in the 'xampp\apache\conf\ssl.crt' directory and the name of the file should be 'server.crt'
@@NeutronDev i referring point to this "you need to add the self-signed certificate to the trust store of each device you're trying to access the local site from" Where can I get it? for https local in anothes user local network
@@tarekdhl6446 Please see my comments above. The answer is there.
It works, thank you very much!
Awesome 💜
Thank so much bro
You're welcome 💜
thanks , its very usefully video, i have small issue, i installed the certificate in windows server and its work successfully from inside the server, but when i open the website from outside I got (the website is not secure) error and red color on https protocol on URL, but the website is work fine
Hey! The certificate must not be used on the internet, only on the local machine. That's because it's a self signed certificate and it's not recognized by any authority.
@@NeutronDev ok, so how to install certificate in pem format
do you have a tutorial in which you install a valid certificate outside localhost?
Nope, not yet 😁
@@NeutronDev but is it possible?
@@techinsleep It's possible
Try infinityfree
not work for me
bat file listen this error
The system cannot find the path specified.
The system cannot find the path specified.
The system cannot find the path specified.
Could Not Find C:\Windows\system32\.rnd
Could Not Find C:\Windows\system32\privkey.pem
Could Not Find C:\Windows\system32\server.csr
The system cannot find the file specified.
The system cannot find the file specified.
-----
Das Zertifikat wurde erstellt.
The certificate was provided.
Press any key to continue . . .
The makecert.bat file is trying to remove the '.rnd', 'privkey.pem' and 'server.csr' from the current directory but it seems that in your case the current directory is 'C:\Windows\system32'. Where are you running the makecert.bat from? 'System32'?
I got an issue
issue: apache shutdown unexpectedly. This may be due to a blocked port, missing dependencies, improper privileges, a crash, or a shutdown by another method. Press the Logs button to view error logs and check the Windows Event Viewer for more clues If you need more help, copy and post this entire log window on the forums.
Hey! Did you check the logs?
I did everything like in the video and now my website shows forbidden
Did you find out what caused this issue?
It's not working on different port like 8443
Have you checked if the port is being used by another process?
@NeutronDev my 443 port is being used by another process that why I change my port to 8443 but when I changed my port 8443 than ssl certificate not working
When I use 443 port it's working but when I use other than 443 then certificate not working
nice tutorial pal!! can you also explain how we can install ssl on multiple domain names on xampp?
Glad you found it helpful 💜
That will be maybe a topic for a future tutorial
is this can apply to localhost root?
This should be only used for localhost, yes.
I made it work but it only works in my PC
Yes, this is how it's supposed to work - only in your local environment.
can i share the link for visiting
You should not make your local environment public 😬
thnks for helping love you
Happy to help 💜
Thanks!
You're welcome 💜
Enter PEM pass phrase:
what is that? you did not show what you wrote
Hey! By default, the passwords are not shown in the command line. However, in the video I said I chose "neutron" as the PEM pass phrase. You can choose whatever password you want. Hope this helps! 💜
@@NeutronDev
ok thank you
Not working domain
What do you mean?
Is this still working?
Yes. What issue did you encounter?
@@NeutronDev Nothing btw thanks i will try this
@@NeutronDev How do i apply this i am not using laravel framework
@@NeutronDev Do i need the app OpenSSL?!
@@SANCHEZREGIEMARKB You don't have to use Laravel
Hi bro is this work through lan server? I use Laravel also..😊😊
Hey! Yes, this could work on a LAN server.
Can you make a tutorial how it work?..😊😊😊
@@SteveMorillo-hu1ng Will keep that in mind and will let you know 😎
@@NeutronDev thank you bro..😊😊
My apache shutdown unexpectedly
Hey! Did you check the logs?
✌👍👍
💪
doesn't work.
What happened?
@@NeutronDev it worked, i solved it. thank you for your fast response
@@aqumy Awesome 💜
What was the issue?
Though there are good bits of the video I got very confused as the code did not work for me, and this is not helped by the infinite way that other sites have different openssl code to generate the certs, and the variety of unexplained options. When I ran it privkey was not there. I noticed this key is deleted at the end of the script also. However I confirmed that the file is generated by running the 1st line below and the code below worked. The -nodes is required to stop it forcing a Passphrase. On open -genrsa removal of -des3 creates it where no passphrase is necessary.
Waste a lot of time on badly documented ssl and missed out discussion of code by lots of videos. THIS video may help understanding of SSL. th-cam.com/video/T4Df5_cojAs/w-d-xo.html
Modified code run in an empty directory to move the files later:
openssl req -new -nodes -out server_req_privatekey.csr
openssl rsa -in privkey.pem -out server_priv_key.pem
openssl x509 -in server_req_privatekey.csr -out server_signed.crt -req -signkey server_priv_key.pem -days 3650
Other code:
openssl req -x509 -nodes -newkey rsa:4096 -days 3650 -keyout ca-priv_key.pem -out ca_pub_key.pem
openssl req -nodes -newkey rsa:4096 -days 3650 -keyout server_priv_key.pem -out server_pub_req.csr
openssl x509 -req -in server_pub_req.csr -CA ca-pub_key.pem -CAkey ca-priv_key.pem -days 3650 -Cacreateserial -out server_signed_cert.crt
Code 3:
openssl genrsa -out server_priv_key.pem 4096
openssl req -new -key server_priv_key.pem -sha256 -out server_req.csr
openssl x5099 -req -days 350 -in server_req.csr -signkey server_priv_key.pem -sha256 -out server_signed.crt
(modify 1st for passphrase openssl genrsa -des3 -out server_priv_key.pem 4096)
When asked Copilot things about this code:
That’s a good question. The reason why there is no -key option in the first command is that it generates a new private key along with the CSR, and saves it in the same file as the CSR1. This is the default behavior of openssl req -new when no -key option is specified2.
However, this is not recommended, because it means that the private key is not separated from the CSR, and may be exposed to others when the CSR is submitted to the CA. It also makes it harder to reuse the same private key for other purposes3.
Quick question: are you trying to set up SSL for the open internet? If so, this is not the right tutorial for that job 😅
This tutorial is meant to be used only for setting up SSL for localhost.
@NeutronDev
No I was moving my site and subdomains from the internet to home as it was peronal use and I was paying unnecessary charges. I was wanting to use Xammp and potentially make it available on the local network.
I found your video really good in many aspects including the use of the vhosts file. Please advise is the v3.ext necessary and what does it do?
I wasted time initially trying to use oppenssl from a git installation as suggested by some (failed) before going to the compiled binary.
I wanted to understand what I was actually doing with openssl as different videos had different code.
The openssl help (on a windows install). was not helpful once installed in trying to understand basic functioning
I think that there is so much flexibility with openssl and without knowing what was going on it got confusing. The use of different code in 3 different examples, the use of a CA in some and not others, different endings of files, -new -key vs -newkey vs -new , reversed -req x509 and -x509 req, and case sensitivity non-functioning -CAKEY and -CAkey, which was private and public key, the issues of being forced to enter a passphrase else getting errors and how to avoid it.
I eventually asked CoPilot questions which helped.
My entering the code above, was put in not out of disrespect but to show different options of code that produced keys and make it clear which are public and which are private keys also.
I am still not clear on why openssl seems to have so many commands, but will be happy if the few recipes used which do generate keys work. I have not yet migrated the sites (main and a few subdomains) but hope it works
e@NeutronDev Could you possibly help with the following. Is it likely to be due to the certificate or could it be that I moved the xammp folder to a different drive and tried to run the control panel.
" [Apache] Error: Apache shutdown unexpectedly.
19:12:44 [Apache] This may be due to a blocked port, missing dependencies,
19:12:44 [Apache] improper privileges, a crash, or a shutdown by another method.
19:12:44 [Apache] Press the Logs button to view error logs and check
19:12:44 [Apache] the Windows Event Viewer for more clues
19:12:44 [Apache] If you need more help, copy and post this
19:12:44 [Apache] entire log window on the forums"
I am using this format of vhosts (ZZwebsite)
##
## ServerAdmin webmaster@ZZ
## DocumentRoot "/xampp/htdocs/ZZ"
## ServerName ZZ
## ServerAlias www.ZZ
## ErrorLog "logs/ZZ-error.log"
## CustomLog "logs/ZZ-access.log" common
##
##
## ServerAdmin webmaster@ZZ
## DocumentRoot "/xampp/htdocs/ZZ"
## ServerName ZZ
## ServerAlias www.ZZ
## ErrorLog "logs/ZZ-error.log"
## CustomLog "logs/ZZ-access.log" common
## SSLCertificateFile "conf/ZZ/server.crt"
## SSLCertificateKeyFile "conf/ZZ/priv_server.key"
##
I'm away for a couple of days. I'll see what I can do when I get back 🤓
It would be appreciated. Thanks. I did manage to get the apache server running by going to an installed version of the same 3.30 control panel and using httpd -t from the bin folder and correcting errors. However, I get browser errors.
I commented out the rewrite engine and the site worked with http, but not https
"This site can’t provide a secure connection to que*.co.uk sent an invalid response.
Try running Windows Network Diagnostics.
ERR_SSL_PROTOCOL_ERROR"
I have separate site specific website cert folders which I match in the vhosts conf file.
I use your makecert.bat and move the server keys to that folder after generated from the mentioned ssl folders.
The log folder said [Sun Feb 11 17:52:43.017197 2024] [ssl:warn] [pid 19424:tid 428] AH01909: qu***.co.uk:80:0 server certificate does NOT include an ID which matches the server name
I retried it with your website name to make everything the same, this time moving the certificates which caused errors with example.com ssl certs in the httpd-ssl.conf. I commented out the example.com in httpd-ssl.conf (as I had moved the certs causing an error) and restarted apache.
However I get the same sort of error. I tried edge and chrome
This site can’t provide a secure connection to localvaren.com sent an invalid response.
Try running Windows Network Diagnostics.
ERR_SSL_PROTO@@NeutronDev
thanks so much
You're welcome 💜