以下の内容で、ssl化するはずですし、起動時のパスフレーズも聞かれないはず。
自分用メモ
Listen 443 https
#SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
#SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec
<VirtualHost _default_:443>
#DocumentRoot "/var/www/html"
ServerName www.sexy-example.com:443
ErrorLog /data/sexyexample/logs/ssl_error_log
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
TransferLog /data/sexyexample/logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/httpd/cert/sexyexample_crt.pem
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/httpd/cert/sexyexample_key.pem
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
SSLCertificateChainFile /etc/httpd/cert/sexyexample.cer
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/sexyexample/httpd/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
