Enabling SSL on localhost: step-by-step

How to enable self-signed SSL certificate on Localhost (Windows)
Start console, e.g. win prompt, or ConEmu

Console has to be run with Admin rights.

Create alias in Windows vhosts file

Folder, where file resides.

You may have to move vhosts file on your desktop, apply alias code and move it back to its folder.
Otherwise, you may not be allowed to edit vhosts file.

Update your httpd-vhosts.conf file (Apache)

You can find mentioned file in:

Note: my Apache installation location: C:\xampp7327\apache, yours is most likely different.

Entire setup code for your localhost site could be:

Make sure your system knows where openssl config file is.
Type/copy-paste in your console and hit enter.

Go to folder where your openssl.exe is located.
Type/copy-paste in your console and hit enter.

Folder, where file resides.

Generate an RSA-2048 key.

Type to your console and hit enter:

Generate root certificate with key generated above.

Type to your console and hit enter:

You will be prompted to enter some values.
Please enter them all.
They can be fictitious.
I also noticed some errors, when you use spaces/tabs, so rather avoid them.

Trust the root SSL certificate in the local system.

Note: ConEmu must run as Admin, or you would get errors.

Import certificate into Firefox (if you use it).

Chromium based browsers get that cert from Win directory. Firefox needs cert to be imported.

step 1: type into Firefox url input field and hit enter

step 1: privacy search result

step 2: import cert

step 3: where your cert you are importing is located

Generate SSL SAN Certificate With the Root Certificate

SAN stands for: Subject Alternate Name

step 1: create file

… and paste into it:

Note: all [dn] entries must be filled. They can be fictitious. No breaks/spaces in [dn] entries, or you may get errors.

Create a v3.ext file with a list of local SAN domains and paste into it as follows:

Note: [alt_names] contain all your files you want your certificate to service. Make sure you have localhost as well.

Generate private key and certificate-signing request (CSR) for the localhost certificate.

Generate certificate via the root SSL certificate and the CSR created earlier.


Restart your browser and i you did everything right, your mysite.net should have SSL cert enabled and working.


How to check, if your CA (certification authority) cert was added to Windows.

step 1: select both

step 2: type ‘certmgr’ here and click enter

step 3: select from results

step 4: find you certificate

This will be your cert name you are looking for:

And you’d be looking for it here:


step 5: you may want to consider disabling some options, as cert comes with all enabled.

All files that you created doing this: