I'm glad you got it sorted.
I have not tried SSL in XAMPP, but it looks like it
does have the capability. I suspect that most of the work is done by the browser talking directly to Apache. You'd have to have a cert file in the right place and specify that location in your Apache config file.
xampp/apache/config/config.httpd has a line that loads the SSl module, and it "includes" conf/extra/httpd-ssl.conf which I think contains the lines that specify the location of the cert file. I'm not sure, but I think you can also specify the file in a php.ini in the MODX directory. E.g.,
curl.cainfo = "/etc/pki/tls/cacert.pem"
If you use https for the login page, you might have to access all manager pages with https -- otherwise, the session would be lost when you switched to http and your permission to perform Manager actions would go away.
I do recommend making your live site https. I don't think it makes it significantly more secure, since it mainly just certifies that the connection is to your site rather than another one, but both Firefox and Chrome are pushing hard for full SSL by issuing dire warnings on non-SSL pages that ask the user for certain kinds of information (e.g. a contact page). SSL no longer slows down sites and I've read that it often speeds them up. At my host (see my sig), you can enable LetsEncrypt (free) in cPanel. After doing that, I just added a rewrite rule in .htaccess to rewrite http to https -- much easier than trying to use SSL on specific pages.
TBH, rather than messing with SSL locally, I've left it off my localhost sites. Since most of the MODX data is in the database, it's not easy to push content from the staging site to the live site. There are various ways to do it, but I've found that it's fairly easy, and much less error-prone, to just cut-and-paste the content.