How To Get OpenEMR SSL Certificate Recognized From Laptop On Same LAN

Hi all,

I’m new to the community and have just opened a small practice. I have been running into some issues trying to get my laptop (used in the Exam/Treatment room) to recognize OpenEMR’s SSL certificate on the main computer where it is installed (front desk).

Here’s my setup:

I have a desktop (where OpenEMR is installed) and a laptop both connected to my gateway via ethernet. They are both running Windows 11 and on the same LAN. I have installed OpenEMR with XAMPP.

I was unable to get the certificate generator to work in OpenEMR (possibly because it’s running in XAMPP?), but I was able to generate an SSL certificate in XAMPP using the makecert.bat. I then created a virtual host (“example.local”) and v3.ext file and successfully installed the certificate on the main system and configured Apache to reroute port 80 traffic to port 443. I then installed the certificate into the browser of my laptop (in the “Trusted root certificates” folder), but I continue to get the “Not Secure” message when I get to the logon screen on my laptop.

I am not sure if the certificate is not being recognized because in order to get to the logon page, I type the other computer’s IP address into the URL, and the certificate is for “example.local,” or whether it is not being recognized because my browser is simply from a second computer. In the v3.ext file, I added an alias DNS with the IP address of the main computer, but that didn’t seem to resolve the issue either.

At this point, the gaps in my knowledge are apparent, and I don’t know how to remedy the situation. Any assistance would be much appreciated.

Thank you,
Bryan
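The name-matching question raised in the post above, as an added example that is not part of the original thread: under the standard rules (RFC 2818/6125), an IP address typed in the URL is compared only with IP-type subjectAltName entries, while a hostname is compared only with DNS-type entries. The SAN lists, the address 192.168.1.50 and the name emr.example.local are constructed for illustration, and the wildcard handling is simplified.

```python
import ipaddress

def _as_ip(text):
    """Return an ip_address object if text is an IP literal, else None."""
    try:
        return ipaddress.ip_address(text.strip("[]"))
    except ValueError:
        return None

def _dns_match(pattern, host):
    """Compare a DNS-type SAN with a hostname; '*' stands for one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":  # simplified wildcard rule: whole label only, never a bare "*.tld"
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def san_covers(url_host, san_entries):
    """True if the host typed in the URL is covered by the (type, value) SAN list."""
    ip = _as_ip(url_host)
    for kind, value in san_entries:
        if ip is not None:
            # An IP literal in the URL is compared only with IP-type entries.
            if kind == "IP" and _as_ip(value) == ip:
                return True
        elif kind == "DNS" and _dns_match(value, url_host):
            return True
    return False

# Constructed sample data (not taken from the thread).
DESKTOP_IP = "192.168.1.50"  # hypothetical static IP of the server
SAN_DNS_ONLY = [("DNS", "example.local"), ("DNS", "*.example.local")]
SAN_IP_AS_DNS = SAN_DNS_ONLY + [("DNS", DESKTOP_IP)]  # IP text in a DNS entry
SAN_WITH_IP = SAN_DNS_ONLY + [("IP", DESKTOP_IP)]     # IP in an IP-type entry

def report():
    """Evaluate each SAN variant against the names a user might type."""
    variants = [("dns-only", SAN_DNS_ONLY), ("ip-as-dns", SAN_IP_AS_DNS), ("ip-san", SAN_WITH_IP)]
    hosts = ("example.local", "emr.example.local", DESKTOP_IP)
    return [(label, host, san_covers(host, san)) for label, san in variants for host in hosts]

if __name__ == "__main__":
    for label, host, ok in report():
        print(f"{label:10} {host:18} {'covered' if ok else 'NAME MISMATCH'}")
```

Name matching is a separate check from trusting the issuer: a certificate placed in the trusted root store still produces a warning when the name in the address bar is not covered.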

Hi @QCChiropractic, welcome.
You shouldn’t need to do anything to your laptop.
Depending on how you are accessing OpenEMR, the server-installed certificate will be used.

  • Hopefully you’re not setting up the laptop as a new install of OpenEMR.
  • If accessing via intranet (localhost), the server’s certificate won’t be used unless localhost has been included as part of the certificate. I feel you don’t need one when accessing this way, but some argue otherwise.
  • Most internet providers now prevent accessing a virtual host when calling from the same host location. IOW, you can’t use the domain address to route out to the internet and then come back. For server/Windows you need to set up the Hosts file with a route to the server. So add to the Hosts file your server machine route, like 192.168.1.254 www.domain/etc, for all your aliases if you have them in the virtual host.
  • The hosts file on Windows is located at C:\Windows\System32\drivers\etc\hosts; open and edit it. (Optionally) open a Command Prompt as an administrator and run the command: ipconfig /flushdns. You rarely need to do this, but it’s there if the route doesn’t seem to work right away.

I normally won’t get involved with IT stuff here, but I hoped to save you some grief with a quick answer.
Good luck and remember, web searches are your friend!

Thanks for the quick response, Jerry.

I am not installing OpenEMR as a new install on my laptop. I am just accessing the OpenEMR installed on the desktop by typing in its static IP address in the browser.

In the Windows/Server Host file, I have put 5 alias DNSs: 1. localhost, 2. *.example.local, 3. example.local, 4. 127.0.0.1, and 5. 127.0.0.2. I tried adding the desktop’s static IP as a 6th alias, but it did not resolve the issue.

When I go to the IP address via https://, it says my certificate is not trusted by my laptop’s operating system.

I tried making a virtual host of the static IP address, but the Windows/server would not trust the certificate (probably because it is the same address as the computer).

Bryan

Get rid of all those entries. You don’t need them. The default 127.0.0.1 will handle localhost, so you don’t need any of that. Cut down to one entry, for example one of my entries, 192.168.0.14 opensourcedemr.us, then add more as needed. Get it to work first; what you currently have is probably preventing your domain from being seen.

I also hope you’re adding port forwards to your server (XAMPP) machine’s local IP for port 443, port 80 and port 22, which are HTTPS, HTTP and SSH (so you can access the terminal remotely), in your router settings. This is important.

Btw: you don’t need to add the protocol (https) to the host route. The router takes care of that. Just use your domain.

Perfect. Thank you! I’ll cut out the entries and simplify it.

Thank you so much for your help. I figured everything out. I will post a step-by-step to the solution as a new thread/topic to assist anybody running into the same issue.

Bryan