not work for me bat file listen this error The system cannot find the path specified. The system cannot find the path specified. The system cannot find the path specified. Could Not Find C:\Windows\system32\.rnd Could Not Find C:\Windows\system32\privkey.pem Could Not Find C:\Windows\system32\server.csr The system cannot find the file specified. The system cannot find the file specified. ----- Das Zertifikat wurde erstellt. The certificate was provided. Press any key to continue . . .
The makecert.bat file is trying to remove the '.rnd', 'privkey.pem' and 'server.csr' from the current directory but it seems that in your case the current directory is 'C:\Windows\system32'. Where are you running the makecert.bat from? 'System32'?
I got an issue issue: apache shutdown unexpectedly. This may be due to a blocked port, missing dependencies, improper privileges, a crash, or a shutdown by another method. Press the Logs button to view error logs and check the Windows Event Viewer for more clues If you need more help, copy and post this entire log window on the forums.
thanks , its very usefully video, i have small issue, i installed the certificate in windows server and its work successfully from inside the server, but when i open the website from outside I got (the website is not secure) error and red color on https protocol on URL, but the website is work fine
Hey! The certificate must not be used on the internet, only on the local machine. That's because it's a self signed certificate and it's not recognized by any authority.
great work @neutron thanks bro , please i have one question I applied it to the same computer and it works fine, but when I try to access my local site from another device local , HTTPS it doesn't work. Why please help me ?
Hey! When you try to access your local site from another device on the network, it doesn't work because the certificate is self-signed and not issued by a trusted Certificate Authority (CA). To allow other devices on the network to accept it, you need to add the self-signed certificate to the trust store of each device you're trying to access the local site from. For Linux devices, you'll need to export the certificate file (.crt) to the '/usr/local/share/ca-certificates/' directory and then run the 'update-ca-certificates' command. For Windows and macOS devices, it's best to search online for a step-by-step guide, as the process can be quite lengthy.
@@tarekdhl6446 If you're referring to the .crt file, you can find it in the 'xampp\apache\conf\ssl.crt' directory and the name of the file should be 'server.crt'
@@NeutronDev i referring point to this "you need to add the self-signed certificate to the trust store of each device you're trying to access the local site from" Where can I get it? for https local in anothes user local network
Hey! By default, the passwords are not shown in the command line. However, in the video I said I chose "neutron" as the PEM pass phrase. You can choose whatever password you want. Hope this helps! 💜
Though there are good bits of the video I got very confused as the code did not work for me, and this is not helped by the infinite way that other sites have different openssl code to generate the certs, and the variety of unexplained options. When I ran it privkey was not there. I noticed this key is deleted at the end of the script also. However I confirmed that the file is generated by running the 1st line below and the code below worked. The -nodes is required to stop it forcing a Passphrase. On open -genrsa removal of -des3 creates it where no passphrase is necessary. Waste a lot of time on badly documented ssl and missed out discussion of code by lots of videos. THIS video may help understanding of SSL. ruclips.net/video/T4Df5_cojAs/видео.html Modified code run in an empty directory to move the files later: openssl req -new -nodes -out server_req_privatekey.csr openssl rsa -in privkey.pem -out server_priv_key.pem openssl x509 -in server_req_privatekey.csr -out server_signed.crt -req -signkey server_priv_key.pem -days 3650 Other code: openssl req -x509 -nodes -newkey rsa:4096 -days 3650 -keyout ca-priv_key.pem -out ca_pub_key.pem openssl req -nodes -newkey rsa:4096 -days 3650 -keyout server_priv_key.pem -out server_pub_req.csr openssl x509 -req -in server_pub_req.csr -CA ca-pub_key.pem -CAkey ca-priv_key.pem -days 3650 -Cacreateserial -out server_signed_cert.crt Code 3: openssl genrsa -out server_priv_key.pem 4096 openssl req -new -key server_priv_key.pem -sha256 -out server_req.csr openssl x5099 -req -days 350 -in server_req.csr -signkey server_priv_key.pem -sha256 -out server_signed.crt (modify 1st for passphrase openssl genrsa -des3 -out server_priv_key.pem 4096) When asked Copilot things about this code: That’s a good question. The reason why there is no -key option in the first command is that it generates a new private key along with the CSR, and saves it in the same file as the CSR1. This is the default behavior of openssl req -new when no -key option is specified2. However, this is not recommended, because it means that the private key is not separated from the CSR, and may be exposed to others when the CSR is submitted to the CA. It also makes it harder to reuse the same private key for other purposes3.
Quick question: are you trying to set up SSL for the open internet? If so, this is not the right tutorial for that job 😅 This tutorial is meant to be used only for setting up SSL for localhost.
@NeutronDev No I was moving my site and subdomains from the internet to home as it was peronal use and I was paying unnecessary charges. I was wanting to use Xammp and potentially make it available on the local network. I found your video really good in many aspects including the use of the vhosts file. Please advise is the v3.ext necessary and what does it do? I wasted time initially trying to use oppenssl from a git installation as suggested by some (failed) before going to the compiled binary. I wanted to understand what I was actually doing with openssl as different videos had different code. The openssl help (on a windows install). was not helpful once installed in trying to understand basic functioning I think that there is so much flexibility with openssl and without knowing what was going on it got confusing. The use of different code in 3 different examples, the use of a CA in some and not others, different endings of files, -new -key vs -newkey vs -new , reversed -req x509 and -x509 req, and case sensitivity non-functioning -CAKEY and -CAkey, which was private and public key, the issues of being forced to enter a passphrase else getting errors and how to avoid it. I eventually asked CoPilot questions which helped. My entering the code above, was put in not out of disrespect but to show different options of code that produced keys and make it clear which are public and which are private keys also. I am still not clear on why openssl seems to have so many commands, but will be happy if the few recipes used which do generate keys work. I have not yet migrated the sites (main and a few subdomains) but hope it works
e@NeutronDev Could you possibly help with the following. Is it likely to be due to the certificate or could it be that I moved the xammp folder to a different drive and tried to run the control panel. " [Apache] Error: Apache shutdown unexpectedly. 19:12:44 [Apache] This may be due to a blocked port, missing dependencies, 19:12:44 [Apache] improper privileges, a crash, or a shutdown by another method. 19:12:44 [Apache] Press the Logs button to view error logs and check 19:12:44 [Apache] the Windows Event Viewer for more clues 19:12:44 [Apache] If you need more help, copy and post this 19:12:44 [Apache] entire log window on the forums" I am using this format of vhosts (ZZwebsite) ## ## ServerAdmin webmaster@ZZ ## DocumentRoot "/xampp/htdocs/ZZ" ## ServerName ZZ ## ServerAlias www.ZZ ## ErrorLog "logs/ZZ-error.log" ## CustomLog "logs/ZZ-access.log" common ## ## ## ServerAdmin webmaster@ZZ ## DocumentRoot "/xampp/htdocs/ZZ" ## ServerName ZZ ## ServerAlias www.ZZ ## ErrorLog "logs/ZZ-error.log" ## CustomLog "logs/ZZ-access.log" common ## SSLCertificateFile "conf/ZZ/server.crt" ## SSLCertificateKeyFile "conf/ZZ/priv_server.key" ##
It would be appreciated. Thanks. I did manage to get the apache server running by going to an installed version of the same 3.30 control panel and using httpd -t from the bin folder and correcting errors. However, I get browser errors. I commented out the rewrite engine and the site worked with http, but not https "This site can’t provide a secure connection to que*.co.uk sent an invalid response. Try running Windows Network Diagnostics. ERR_SSL_PROTOCOL_ERROR" I have separate site specific website cert folders which I match in the vhosts conf file. I use your makecert.bat and move the server keys to that folder after generated from the mentioned ssl folders. The log folder said [Sun Feb 11 17:52:43.017197 2024] [ssl:warn] [pid 19424:tid 428] AH01909: qu***.co.uk:80:0 server certificate does NOT include an ID which matches the server name I retried it with your website name to make everything the same, this time moving the certificates which caused errors with example.com ssl certs in the httpd-ssl.conf. I commented out the example.com in httpd-ssl.conf (as I had moved the certs causing an error) and restarted apache. However I get the same sort of error. I tried edge and chrome This site can’t provide a secure connection to localvaren.com sent an invalid response. Try running Windows Network Diagnostics. ERR_SSL_PROTO@@NeutronDev
➡ Copy the code: gist.github.com/Tynael/d3a647c71bb00f0442590e6d91285a4e
📝 Article: neutrondev.com/how-to-set-up-ssl-certificate-localhost-xampp/
You just helped me solve a problem I was dealing with for a week. Thank you so much worked perfectly!
Awesome 💜
Great tutorial. I subscribed as your expertise is vastly superior. I wish you the very best.
Thanks for the sub! I'm glad you found the tutorial helpful 💜
Thank you very much!
I tried several solutions, but that was the only one that worked.
Awesome 💜
Thank you so much man you're a life saver
Happy to help 💜
Very helpful video! Thanks!
Glad you found it helpful 💜
thnks for helping love you
Happy to help 💜
It works, thank you very much!
Awesome 💜
Thanks!
You're welcome 💜
not work for me
bat file listen this error
The system cannot find the path specified.
The system cannot find the path specified.
The system cannot find the path specified.
Could Not Find C:\Windows\system32\.rnd
Could Not Find C:\Windows\system32\privkey.pem
Could Not Find C:\Windows\system32\server.csr
The system cannot find the file specified.
The system cannot find the file specified.
-----
Das Zertifikat wurde erstellt.
The certificate was provided.
Press any key to continue . . .
The makecert.bat file is trying to remove the '.rnd', 'privkey.pem' and 'server.csr' from the current directory but it seems that in your case the current directory is 'C:\Windows\system32'. Where are you running the makecert.bat from? 'System32'?
I got an issue
issue: apache shutdown unexpectedly. This may be due to a blocked port, missing dependencies, improper privileges, a crash, or a shutdown by another method. Press the Logs button to view error logs and check the Windows Event Viewer for more clues If you need more help, copy and post this entire log window on the forums.
Hey! Did you check the logs?
thanks , its very usefully video, i have small issue, i installed the certificate in windows server and its work successfully from inside the server, but when i open the website from outside I got (the website is not secure) error and red color on https protocol on URL, but the website is work fine
Hey! The certificate must not be used on the internet, only on the local machine. That's because it's a self signed certificate and it's not recognized by any authority.
@@NeutronDev ok, so how to install certificate in pem format
great work @neutron thanks bro , please i have one question I applied it to the same computer and it works fine, but when I try to access my local site from another device local , HTTPS it doesn't work. Why please help me ?
Hey!
When you try to access your local site from another device on the network, it doesn't work because the certificate is self-signed and not issued by a trusted Certificate Authority (CA). To allow other devices on the network to accept it, you need to add the self-signed certificate to the trust store of each device you're trying to access the local site from.
For Linux devices, you'll need to export the certificate file (.crt) to the '/usr/local/share/ca-certificates/' directory and then run the 'update-ca-certificates' command. For Windows and macOS devices, it's best to search online for a step-by-step guide, as the process can be quite lengthy.
@@NeutronDev Thanks bro Where can I get it and is it possible to get it on it ?? Does he have a specific name ?
@@tarekdhl6446 If you're referring to the .crt file, you can find it in the 'xampp\apache\conf\ssl.crt' directory and the name of the file should be 'server.crt'
@@NeutronDev i referring point to this "you need to add the self-signed certificate to the trust store of each device you're trying to access the local site from" Where can I get it? for https local in anothes user local network
@@tarekdhl6446 Please see my comments above. The answer is there.
My apache shutdown unexpectedly
Hey! Did you check the logs?
Enter PEM pass phrase:
what is that? you did not show what you wrote
Hey! By default, the passwords are not shown in the command line. However, in the video I said I chose "neutron" as the PEM pass phrase. You can choose whatever password you want. Hope this helps! 💜
@@NeutronDev
ok thank you
do you have a tutorial in which you install a valid certificate outside localhost?
Nope, not yet 😁
@@NeutronDev but is it possible?
@@techinsleep It's possible
Try infinityfree
Hi bro is this work through lan server? I use Laravel also..😊😊
Hey! Yes, this could work on a LAN server.
Can you make a tutorial how it work?..😊😊😊
@@SteveMorillo-hu1ng Will keep that in mind and will let you know 😎
@@NeutronDev thank you bro..😊😊
can i share the link for visiting
You should not make your local environment public 😬
is this can apply to localhost root?
This should be only used for localhost, yes.
Is this still working?
Yes. What issue did you encounter?
@@NeutronDev Nothing btw thanks i will try this
@@NeutronDev How do i apply this i am not using laravel framework
@@NeutronDev Do i need the app OpenSSL?!
@@user-iu7rs4hp3m You don't have to use Laravel
Though there are good bits of the video I got very confused as the code did not work for me, and this is not helped by the infinite way that other sites have different openssl code to generate the certs, and the variety of unexplained options. When I ran it privkey was not there. I noticed this key is deleted at the end of the script also. However I confirmed that the file is generated by running the 1st line below and the code below worked. The -nodes is required to stop it forcing a Passphrase. On open -genrsa removal of -des3 creates it where no passphrase is necessary.
Waste a lot of time on badly documented ssl and missed out discussion of code by lots of videos. THIS video may help understanding of SSL. ruclips.net/video/T4Df5_cojAs/видео.html
Modified code run in an empty directory to move the files later:
openssl req -new -nodes -out server_req_privatekey.csr
openssl rsa -in privkey.pem -out server_priv_key.pem
openssl x509 -in server_req_privatekey.csr -out server_signed.crt -req -signkey server_priv_key.pem -days 3650
Other code:
openssl req -x509 -nodes -newkey rsa:4096 -days 3650 -keyout ca-priv_key.pem -out ca_pub_key.pem
openssl req -nodes -newkey rsa:4096 -days 3650 -keyout server_priv_key.pem -out server_pub_req.csr
openssl x509 -req -in server_pub_req.csr -CA ca-pub_key.pem -CAkey ca-priv_key.pem -days 3650 -Cacreateserial -out server_signed_cert.crt
Code 3:
openssl genrsa -out server_priv_key.pem 4096
openssl req -new -key server_priv_key.pem -sha256 -out server_req.csr
openssl x5099 -req -days 350 -in server_req.csr -signkey server_priv_key.pem -sha256 -out server_signed.crt
(modify 1st for passphrase openssl genrsa -des3 -out server_priv_key.pem 4096)
When asked Copilot things about this code:
That’s a good question. The reason why there is no -key option in the first command is that it generates a new private key along with the CSR, and saves it in the same file as the CSR1. This is the default behavior of openssl req -new when no -key option is specified2.
However, this is not recommended, because it means that the private key is not separated from the CSR, and may be exposed to others when the CSR is submitted to the CA. It also makes it harder to reuse the same private key for other purposes3.
Quick question: are you trying to set up SSL for the open internet? If so, this is not the right tutorial for that job 😅
This tutorial is meant to be used only for setting up SSL for localhost.
@NeutronDev
No I was moving my site and subdomains from the internet to home as it was peronal use and I was paying unnecessary charges. I was wanting to use Xammp and potentially make it available on the local network.
I found your video really good in many aspects including the use of the vhosts file. Please advise is the v3.ext necessary and what does it do?
I wasted time initially trying to use oppenssl from a git installation as suggested by some (failed) before going to the compiled binary.
I wanted to understand what I was actually doing with openssl as different videos had different code.
The openssl help (on a windows install). was not helpful once installed in trying to understand basic functioning
I think that there is so much flexibility with openssl and without knowing what was going on it got confusing. The use of different code in 3 different examples, the use of a CA in some and not others, different endings of files, -new -key vs -newkey vs -new , reversed -req x509 and -x509 req, and case sensitivity non-functioning -CAKEY and -CAkey, which was private and public key, the issues of being forced to enter a passphrase else getting errors and how to avoid it.
I eventually asked CoPilot questions which helped.
My entering the code above, was put in not out of disrespect but to show different options of code that produced keys and make it clear which are public and which are private keys also.
I am still not clear on why openssl seems to have so many commands, but will be happy if the few recipes used which do generate keys work. I have not yet migrated the sites (main and a few subdomains) but hope it works
e@NeutronDev Could you possibly help with the following. Is it likely to be due to the certificate or could it be that I moved the xammp folder to a different drive and tried to run the control panel.
" [Apache] Error: Apache shutdown unexpectedly.
19:12:44 [Apache] This may be due to a blocked port, missing dependencies,
19:12:44 [Apache] improper privileges, a crash, or a shutdown by another method.
19:12:44 [Apache] Press the Logs button to view error logs and check
19:12:44 [Apache] the Windows Event Viewer for more clues
19:12:44 [Apache] If you need more help, copy and post this
19:12:44 [Apache] entire log window on the forums"
I am using this format of vhosts (ZZwebsite)
##
## ServerAdmin webmaster@ZZ
## DocumentRoot "/xampp/htdocs/ZZ"
## ServerName ZZ
## ServerAlias www.ZZ
## ErrorLog "logs/ZZ-error.log"
## CustomLog "logs/ZZ-access.log" common
##
##
## ServerAdmin webmaster@ZZ
## DocumentRoot "/xampp/htdocs/ZZ"
## ServerName ZZ
## ServerAlias www.ZZ
## ErrorLog "logs/ZZ-error.log"
## CustomLog "logs/ZZ-access.log" common
## SSLCertificateFile "conf/ZZ/server.crt"
## SSLCertificateKeyFile "conf/ZZ/priv_server.key"
##
I'm away for a couple of days. I'll see what I can do when I get back 🤓
It would be appreciated. Thanks. I did manage to get the apache server running by going to an installed version of the same 3.30 control panel and using httpd -t from the bin folder and correcting errors. However, I get browser errors.
I commented out the rewrite engine and the site worked with http, but not https
"This site can’t provide a secure connection to que*.co.uk sent an invalid response.
Try running Windows Network Diagnostics.
ERR_SSL_PROTOCOL_ERROR"
I have separate site specific website cert folders which I match in the vhosts conf file.
I use your makecert.bat and move the server keys to that folder after generated from the mentioned ssl folders.
The log folder said [Sun Feb 11 17:52:43.017197 2024] [ssl:warn] [pid 19424:tid 428] AH01909: qu***.co.uk:80:0 server certificate does NOT include an ID which matches the server name
I retried it with your website name to make everything the same, this time moving the certificates which caused errors with example.com ssl certs in the httpd-ssl.conf. I commented out the example.com in httpd-ssl.conf (as I had moved the certs causing an error) and restarted apache.
However I get the same sort of error. I tried edge and chrome
This site can’t provide a secure connection to localvaren.com sent an invalid response.
Try running Windows Network Diagnostics.
ERR_SSL_PROTO@@NeutronDev
thanks so much
You're welcome 💜