# mkdir -m 700 /usr/local/etc/apache22/ssl.crt
# mkdir -m 700 /usr/local/etc/apache22/ssl.csr
# mkdir -m 700 /usr/local/etc/apache22/ssl.key
# cd ~
# openssl req -new -x509 -nodes -out server.crt -keyout server.key

当要求输入主机名时，输入正确的域名。（Common Name put the hostname (fully qualified domain name) of your computer.）

# cp server.crt /usr/local/etc/apache22/ssl.crt/server.crt
# cp server.key /usr/local/etc/apache22/ssl.key/server.key
# chmod 400 /usr/local/etc/apache22/ssl.crt/server.crt
# chmod 400 /usr/local/etc/apache22/ssl.key/server.key

# ee /usr/local/etc/apache22/httpd.conf

把#Include etc/apache22/extra/httpd-ssl.conf前面的#去掉。

# ee /usr/local/etc/apache22/extra/httpd-ssl.conf

设置正确的SLCertificateFile，SSLCertificateKeyFile

# apachectl configtest
# apachectl restart

https://域名/

注意：自签名的SSL证书会有认证提示的，购买的就没有提示了！

参考：http://lamp.linux.gov.cn/Apache/ApacheMenu/ssl/ssl_faq.html#aboutcerts