XAMPP: Apache Vhosts with SSL

Submitted by tomo on July 18, 2011 - 6:21pm

I needed to test out SSL on my MacBook as a web server with XAMPP. It took more effort than it should have because I was using virtual hosts as well.

1. I already had vhosts set up - make sure to uncomment the line in your httpd.conf that includes extra/httpd-vhosts.conf

2. You may need to enable SSL - /Applications/XAMPP/xamppfiles/xampp enablessl, then restart Apache. XAMPP comes with a certificate already set up, although your browser will complain. This is just for testing.
3. Your httpd.conf should have some directives like <IfModule ssl_module> and <IfDefine SSL> which will include the default ssl Apache configuration file, if you are calling "LoadModule ssl_module modules/mod_ssl.so". If not, try uncommenting the line - Include /Applications/XAMPP/etc/extra/httpd-ssl.conf
4. Now check your error_log. I was seeing stuff like "VirtualHost _default_:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results" and "(48)Address already in use: make_sock: could not bind to address [::]:443".  I could see that port 443 wasn't in use.
5. It turned out that in my vhosts.conf I was being too lax.  Since I'm not specifying *:443 virtual hosts in my ssl.conf, I need to be port 80 specific in my vhosts.conf.  That is "NameVirtualHost *:80", and then "<VirtualHost *:80>" for each virtual host section.
6. Now we need the 443 specific virtual hosts.  Add these lines:
NameVirtualHost *:443
7. Now it's just a matter of copying your <VirtualHost *:80> groups with <VirtualHost *:443> instead, but you also need 'SSLEngine on' and the 'SSLCertificateFile' and 'SSLCertificateKeyFile' directives.
You should be able to check that https is running by netcat'ing to port 443 and you can see that https with vhosts is working with your browser.
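The httpd-vhosts.conf that steps 5 to 7 arrive at, as an added example that is not part of the original post. The host name mysite.local, the DocumentRoot and the certificate paths are assumed placeholders, and the commented-out "before" block is an assumed reconstruction of the lax form the post describes.

```apache
# extra/httpd-vhosts.conf

# Before (assumed form of the "too lax" setup from step 5): no port on the
# name-based address, so it overlaps the <VirtualHost _default_:443> block
# that httpd-ssl.conf defines and Apache logs the
# "mixing * ports and non-* ports" warning quoted in step 4.
#
#   NameVirtualHost *
#   <VirtualHost *>
#       ServerName mysite.local
#       DocumentRoot "/path/to/mysite"
#   </VirtualHost>

# After: one name-based address per port, every vhost bound to a port.
NameVirtualHost *:80
NameVirtualHost *:443

# Plain HTTP copy of the site (step 5).
<VirtualHost *:80>
    ServerName mysite.local
    DocumentRoot "/path/to/mysite"
</VirtualHost>

# HTTPS copy of the same site (steps 6 and 7).
<VirtualHost *:443>
    ServerName mysite.local
    DocumentRoot "/path/to/mysite"

    SSLEngine on
    # Placeholder paths: point these at the certificate and private key
    # that your httpd-ssl.conf already references. The certificate bundled
    # for testing will not match mysite.local, so the browser warning
    # mentioned in step 2 remains.
    SSLCertificateFile    "/path/to/server.crt"
    SSLCertificateKeyFile "/path/to/server.key"
</VirtualHost>
```

Keep the private key file readable only by the account that starts Apache, even on a test machine.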
tomo

If you want your SSL site to appear without any warning in any user's browser then you'll need a certificate signed by a root CA (certificate authority).

According to this site (http://www.fixyourip.com/library/openssl/rootcas.php) the trusted root CAs are:

AddTrust
AOL
Entrust
CertPlus
Certum
Chambersign
Comodo
Digicert
Digital Signature Trust Company
Equifax
Entrust
Geotrust
GlobalSign
IPSCA
Netlock
Quovadis
StartCom
Swisscom
SwissSign
Thawte
Trustis
Usertrust
Valicert
Verizon Business
Verisign
Visa
Wells Fargo

For older browsers you might use this much smaller list updated in 2007: http://www.math.ucla.edu/~jimc/documents/certauth.html

Google Checkout has a much longer list: http://support.google.com/checkout/sell/bin/answer.py?hl=en&answer=57856

© 2010-2014 Saigonist.