以下の内容で、ssl化するはずですし、起動時のパスフレーズも聞かれないはず。
自分用メモ
Listen 443 https #SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog SSLPassPhraseDialog builtin SSLSessionCache shmcb:/run/httpd/sslcache(512000) SSLSessionCacheTimeout 300 #SSLRandomSeed startup file:/dev/urandom 256 SSLRandomSeed startup builtin SSLRandomSeed connect builtin #SSLRandomSeed startup file:/dev/random 512 #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/urandom 512 SSLCryptoDevice builtin #SSLCryptoDevice ubsec <VirtualHost _default_:443> #DocumentRoot "/var/www/html" ServerName www.sexy-example.com:443 ErrorLog /data/sexyexample/logs/ssl_error_log LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" TransferLog /data/sexyexample/logs/ssl_access_log LogLevel warn SSLEngine on SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 #SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 #SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateFile /etc/httpd/cert/sexyexample_crt.pem #SSLCertificateKeyFile /etc/pki/tls/private/localhost.key SSLCertificateKeyFile /etc/httpd/cert/sexyexample_key.pem #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt SSLCertificateChainFile /etc/httpd/cert/sexyexample.cer BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /var/log/sexyexample/httpd/logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost>