OK, now is time to setup your Apache with SSL. First of all be sure that your Apache will be working with SSL.

[root@security1 www20]# setsebool -P httpd_tty_comm on

Create a Certificate Signing Request (CSR) with the server RSA private key

[root@security1 html]# openssl req -new -key /etc/pki/CA/private/my-ca.key -out server.csr
[root@security1 html]# openssl ca -in server.csr -out server.crt

Install mod_ssl package.

[root@security1 html]# yum -y install mod_ssl

Change lines in /etc/httpd/conf.d/ssl.conf so they read next:

SSLCertificateFile /etc/httpd/conf/server.crt Location for your crt
SSLCertificateKeyFile /etc/pki/CA/private/my-ca.key Location for your key

After this restart service and try https://security1.setenforce.com, you should accept certificate, so this will work.

Decrypting private key

All this is OK, but I don't want to insert pass phrase every time I restart service. So I need to do decrypting private key.

[root@security1 conf]# cp server.key server.encrypted.key

Now use the openssl utility to decrypt your key and store it using the original filename

[root@security1 conf]# openssl rsa -in server.key.encrypted -out server.key
[root@security1 conf]# chmod 700 server.key

Restart service and you will see that system doesn't need pass phrase to restart.