Secure Sockets Layer (SSL) is a security protocol that creates an encrypted link between a web server and a web browser. Literally speaking, an SSL Certificate is an X.509 certificate. The X.509 is the standard that defines the structure of the certificate. It defines the data fields that should be included in the SSL certificate. X.509 uses a formal language called Abstract Syntax Notation One (ASN.1) to express the certificate’s data structure. SSL certificate authenticates a website’s identity and enables an encrypted connection. Please see these related articles: How to export a certificate in PFX format in Windows, SSL Encrypted Communications explained, What are the components needed to create a certificate signing request, and how to generate a self-signed SSL certificate: How to enable LDAP over SSL with a self-signed certificate. In this article, you will learn how to setup VirtualHost with SSL on WAMP Server for your application.
Setup VirtualHost with SSL on WAMP Server
The first step will be to determine the certificate type that is required for configuring WAMP. Apache servers split the SSL certificate parts into two separate files: .crt and .key files. The .crt file contains the public key file (SSL certificate file), and the .key file contains the associated private key. You should use your server to generate the associated private key file as part of the CSR generation.
Windows servers use .pfx files that contain the public key file (SSL certificate file) and the associated private key file. So, if transferring your SSL certificates from a Windows server to Apache, you need to export the certificate in an Apache-compatible format, which splits the public (.crt) and private (.key) files.Please see how to query, stop and delete a service in Windows, how to stop Windows from applying updates, how to enable Enhanced Networking Adapter (ENA) on Windows, how to View Scheduled Events on AW using AWS Web Console, and how to rebind Tomcat Keystore with a new Certificate
SSL Encoding Format and Extensions
Before diving into this topic, let’s discuss the various certificate format and extensions. As mentioned above, an SSL certificate is essentially an X.509 certificate but has several file extension types and encoding formats. Because of this, certain devices and applications may require certain formats
SSL Certificate Format
The certificate files have different extensions based on the format and encoding they use. The different formats of X.509 certificates are PEM, DER, PKCS#7, and PKCS#12. PEM and PKCS#7 formats use Base64 ASCII encoding while DER and PKCS#12 use binary encoding. The certificate files have different extensions based on the format and encoding they use. Please see how to fix the error “Ansible: Server unreachable, ssl: auth method ssl requires a password“.
| PEM | PKCS#7 | DER | PKCS#12 |
| Privacy Enhanced Mail (PEM) contains one or more X.509 digital certificate files that use base64 (ASCII) encoding and can be opened in any text editor. The certificate file types can be .pem , .crt , .cer , or .key. Each certificate in the PEM file is contained between the —- BEGIN CERTIFICATE—- and —-END CERTIFICATE—- statements. The private key is contained between the —- BEGIN RSA PRIVATE KEY—– and —–END RSA PRIVATE KEY—– statements. The CSR is contained between the —–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—– statements. | The PKCS#7 certificate uses Base64 ASCII encoding with file extension .p7b or .p7c. Only certificates can be stored in this format, not private keys. The P7B certificates are contained between the “—–BEGIN PKCS7—–” and “—–END PKCS7—–” statements | The DER certificates are in binary form, contained in .der or .cer files. These certificates are mainly used in Java-based web servers. | The PKCS#12 are in binary form, contained in .pfx or .p12 files. can store the server certificate, the intermediate certificate and the private key in a single .pfx file with password protection. These certificates are mainly used on the Windows platform. |
Configure SSL on WAMP Server
To Enable HTTPS on WampServer on Windows, I will assume that you have downloaded and installed WampServer already. And also that the application that would need SSL Certificate has been installed and running. Please see how to “Install and configure TeamPass Password Manager“. Now we have to install an SSL Certificate for our application to authenticate the site identity and enables an encrypted connection.
Installation of an SSL certificate depends on many things such as where you generated the CSR, the type of certificate files you got from the CA, the types of certificate files your web server supports, etc.
Please see How to create Virtual Hosts in a WAMPserver, how to uninstall WAMPServer from Windows, how to Install and Configure WordPress on Your Windows Computer Using WAMP SERVER, and how to use the DigiCert certificate utility for Windows to create a CSR.
Generate a Certificate Signing Request (CSR)
You are free to generate your CSR and Private Key using whatever program you desire such as OpenSSL, IIS, cPanel, and Plesk. You could use SSLTrust, SSL, etc to order an SSL Certificate just to mention but a few. It is best to generate your CSR and key pair on the web server where you will install the certificate.
But if the web server where you generate the CSR is different from the web server where you are going to install the certificate, then you need to export the private key from where you generated the CSR because the private key is generated at the same time when the CSR is generated. Please see how to install Let’s Encrypt Certificates with IIS on a Windows Server, and how to install Let’s Encrypt Wildcard SSL Certificate in cPanel using Certify The Web
Download the SSL Certificate files and move them to WAMPServer
When your SSL Certificate has been issued, you will be emailed the Certificate Directly from the Certificate Authority. Select the format as “separate primary and intermediate .crt files (zipped)”. Please download it to the WampServer. For example, Apache and other similar web servers support certificates in PEM format, whereas Microsoft Windows supports certificates in PKCS#7 format.
Note: If the certificate files and format you got from the CA are not supported on your web server or hosting provider then you have to convert the certificates to your web server-supported format using OpenSSL
Create New Folder (Optional)
Create a folder named “key”. You are free to use any name that you can recall. In my case, I will create a new folder called “key” in the following directory below.
C:/wamp64/bin/apache/apache2.4.51/conf/ directory.
The certificate.crt and private.key needs to be moved to the new folder “C:\wamp\bin\apache\apache2.4.51\conf\key” that we have just created. Copy and paste your combined certificate file and your private key in that folder.
Note: If you have installed Wampserver on a different drive, please do well to replace the path (drive) with the drive you installed WAMP in if you did not install it in the default location.
Note: This step is optional as mentioned above. You can paste the generated certificate and private keys also in the Apache Configuration folder itself. 
This command points Localhost to http://yourdomain.com locally and displays the default WAMP Dashboard Page.
Configure Main Apache and SSL Configuration files
This step involves modifying the SSL and Apache configuration file. Please see how to update WampServer to Latest Version, and how to fix the “Error: The processing of Group Policy failed because of lack of network connectivity to a DC. This may be a transient condition. A success message would be generated once the machine gets connected“.
Enable the SSL module in the Main Apache Configuration File
Modify the httpd.conf
Open the httpd.conf file located in “C:\wamp64\bin\apache\apache-(version)\conf\httpd.conf. This will depend on where WAMP Server is installed, and uncomment the following lines. This will load the SSL module and include the SSL configuration file.
LoadModule ssl_module modules/mod_ssl.so Include conf/extra/httpd-ssl.conf LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
To do this, Install Notepad++, so when there are errors, it will point you directly t the line number in question. But I will be showing you how to do this with Notepad, and then Notepad ++ later.
Enter the Listen “IP Addresses and Port”
When the file is open, search through the files and uncomment the lines above. The following syntax above will define port 443 as a valid port for Apache configuration to listen on.
Note: Do not forget to specify the listening port. Here enter the server IP address followed by the port. an example of this would be 192.168.xxx.xxx:443
Please ensure to run Notepad++ in Administrator Mode, and do not forget to save it afterwards.
Alternatively, you could open the WAMP menu from the system tray and select Apache > Apache modules > ssl_module. This will enable the SSL module in Apache.
Configure the VirtualHost in the Main Apache Configuration File
In order to avoid the following error “Port:443 used for the virtualHost is not an Apache defined Variable or Listen port etc., there is a need to define the Apache Configuration File for the VirtualHost in this file and not in the VirtualHost file. The following syntax above will define port 443 as a valid port for Apache configuration to listen on. The configuration file should look like the one below.
#
<VirtualHost *:443>
ServerName localhost
ServerAlias localhost
DocumentRoot "${INSTALL_DIR}/www"
<Directory "${INSTALL_DIR}/www/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require local
</Directory>
SSLEngine on
SSLCertificateFile "C:/wamp64/bin/apache/apache2.4.54.2/conf/key/techda.crt"
SSLCertificateKeyFile "C:/wamp64/bin/apache/apache2.4.54.2/conf/key/techda.key"
</VirtualHost>
#
<VirtualHost *:443>
ServerName techpasstest.com
DocumentRoot "${INSTALL_DIR}/www/app"
<Directory "${INSTALL_DIR}/www/app/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
# SSLEngine on
SSLCertificateFile "C:/wamp64/bin/apache/apache2.4.54.2/conf/key/techda.crt"
SSLCertificateKeyFile "C:/wamp64/bin/apache/apache2.4.54.2/conf/key/techda.crt"
</VirtualHost>
#This code specifies that the virtual host listens on port 443 (the default SSL port), sets the document root for the site, and specifies the SSL certificate and key files that were generated earlier. Please see how to Install Apache HTTP Server on Ubuntu 20.04 LTS.
Note that you will need to replace techpasstest.com with the actual domain name or hostname that you want to use for your SSL-enabled site, and update the paths to the SSL certificate and key files to match your own setup. If you want the URL accessible from out the local server, do well to specify “require = all granted“.
Note: If you set the Require to local, you will not the able to access the application with the URL outside of the server!Launch the httpd-ssl.conf
The httpd-ssl.conf file is specifically used for configuring SSL settings for Apache. The main Apache configuration file typically includes it httpd.conf and contains SSL-related directives such as SSLCertificateFile and SSLCertificateKeyFile. To do this, open httpd-ssl.conf with your desired Text Editor. In my case, Notepad++.
C:/wamp64/bin/apache/apache2.4.41/conf/extra/httpd-ssl.conf 
The httpd-ssl.conf file is indeed used specifically for SSL configuration in Apache, including directives such as SSLCertificateFile and SSLCertificateKeyFile. Edit the httpd-ssl.conf file to configure SSL settings for Apache
DocumentRoot "${SRVROOT}/www/htdocs"
ServerName localhost.com:443
ServerAdmin contact@techdirectarchive.com
<Please uncomment and specifiy the following certificate path into the "SSLCertificateKeyFile", and the "SSLCertificateFile">
SSLEngine on
SSLCertificateKeyFile "${SRVROOT}/conf/key/private.key"
SSLCertificateFile "${SRVROOT}/conf/key/certificate.crt"
Note: DocumentRoot needs to be set to the location of your website files. Please specify the server name etc. You do not want to use localhost” in production. In this way, you will be able to access your application via the URL in your web browser “techapp.com”.
SSLSessionCache "shmcb:${SRVROOT}/logs/ssl_scache(512000)"
CustomLog "${SRVROOT}/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Note 1: In order for Apache service to start when the SSLSessionCache "shmcb:${SRVROOT}/logs/ssl_scache(512000)” is uncommented out, please ensure the following module is enabled “LoadModule ssl_module modules/mod_ssl.so“.
Note 2: Some documentations expect you to modify the php.ini file. In this current version of Apache, this is not required.
Configure the Apache VirtualHost
The httpd-vhosts.conf file, you would define the virtual host configuration, including the SSL-specific settings such as the SSLCertificateFile and SSLCertificateKeyFile, as well as any other directives needed for your specific website. Add the necessary configuration directives to the httpd-vhosts.conf file. To do this, open the httpd-vhosts.conffile and make the following changes.
C:\wamp64\bin\apache\apache-(version)\conf\extra\httpd-vhosts.conf Therefore, it is sufficient to have the VirtualHost Derivatives in the Main Apache Configuration File only. Do not forget to specify the Redirect localhost to https://localhost and save the configuration file. Whenever changes are made to the VirtualHost file, please always restart DNS via WAMP.
#
<VirtualHost *:80>
ServerName localhost
Redirect localhost https://localhost
DocumentRoot "${INSTALL_DIR}/www"
<Directory "${INSTALL_DIR}/www/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require local
</Directory>
SSLEngine on
SSLCertificateFile "C:/wamp64/bin/apache/apache2.4.54.2/conf/key/techda.crt"
SSLCertificateKeyFile "C:/wamp64/bin/apache/apache2.4.54.2/conf/key/techda.key"
</VirtualHost>
#
Having just this derivative the virtualHost will ensure the following error “Port:443 used for the virtualHost is not an Apache defined Variable or Listen port etc. is avoided. Please do not forget to define the VirtualHost of your Application in the Main Apache Configuration File as discussed above.
If you have already configured SSL directives in the httpd-ssl.conf file, you would not need to repeat them in the virtual host configuration in httpd-vhosts.conf.
However, if you have additional SSL-specific settings that are specific to the virtual host, such as a different SSL certificate or additional SSL protocols or ciphers, you would add them to the virtual host configuration in httpd-vhosts.conf.Restart Apache WebServer
Restart all Services via the WAMP Control Panel to restart your server and implement all changes. That’s it, you should have successfully installed an SSL Certificate on WAMP. Head over to https://techpasstest.com and check your secure connection.
Note: If you see a green WAMP icon everything should be right. If the icon is orange there is a problem with your syntax somewhere. You can run c:/wamp64/bin/apache/apache2.4.41/bin/httpd -t in the command prompt and if there are any syntax errors they will be listed.
I hope you found this blog post helpful on how to setup VirtualHost with SSL on WAMP Server for your application”. If you have any questions, please let me know in the comment session.