Skip to main content
Bearsampp includes built-in SSL support for Apache, letting you serve your local sites over HTTPS without installing any external tools. SSL certificates are generated using OpenSSL, which is bundled with Bearsampp. When you create a virtual host, Bearsampp generates an SSL certificate for it automatically — or you can generate a certificate manually at any time.

Where certificates are stored

All generated SSL certificates are saved in the ssl/ folder inside your Bearsampp directory: 
bearsampp\ssl\
Each certificate consists of two files named after the server name you chose:
  • servername.crt — the certificate file
  • servername.key — the private key file

Generate an SSL certificate manually

You can generate a certificate for any hostname directly from the tray menu.
1

Right-click the Bearsampp tray icon

Find the Bearsampp icon in your Windows system tray and right-click it.
2

Open the Apache menu

Hover over Apache in the context menu.
3

Click Generate SSL certificate

Click Generate SSL certificate. A dialog opens with two fields.
4

Enter the server name

In the Name field, type the hostname you want the certificate for (e.g. myapp.local). The dialog pre-fills test.local as a placeholder.
5

Choose an output folder

The Target field defaults to bearsampp\ssl\. Click Browse to choose a different output folder, or leave the default.
6

Click Save

Click Save. Bearsampp generates the .crt and .key files in the target folder.

SSL and virtual hosts

When you add a virtual host using the tray menu, Bearsampp automatically generates an SSL certificate for that virtual host’s server name and stores it in bearsampp\ssl\. You do not need to generate the certificate separately. See Virtual Hosts for instructions on creating a virtual host.

Default SSL port

Apache’s default HTTPS port is 443. You can change it from the tray menu like any other port — see Change Service Ports.

Trusting the certificate in your browser

Bearsampp generates self-signed certificates. Browsers do not trust self-signed certificates by default, so you will see a security warning the first time you visit an HTTPS site using a Bearsampp certificate. You have two options:

Accept the warning

In most browsers, you can click Advanced and then Proceed to [hostname] to continue past the warning. This is the quickest option for local development.

Add to trust store

Import the .crt file into Windows’ Certificate Manager as a trusted root authority. This removes the browser warning permanently for that certificate.

Adding a certificate to the Windows trust store

1

Open the certificate file

Navigate to bearsampp\ssl\ and double-click the .crt file for your hostname.
2

Install the certificate

Click Install Certificate, choose Local Machine, and click Next.
3

Choose the certificate store

Select Place all certificates in the following store, click Browse, and choose Trusted Root Certification Authorities.
4

Complete the wizard

Click Next, then Finish. Restart your browser for the change to take effect.
Self-signed certificates are suitable for local development only. Never use them to serve public-facing sites.