--- /dev/null
+LoadModule ssl_module lib/apache/libssl.so
+AddModule mod_ssl.c
+
+##--------------------------------------------------------------------------
+## Add additional SSL configuration directives which provide a
+## robust default configuration: virtual server on port 443
+## which speaks SSL.
+##--------------------------------------------------------------------------
+##
+## SSL Support
+##
+## When we also provide SSL we have to listen to the
+## standard HTTP port (see above) and to the HTTPS port
+##
+Listen 443
+
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
+
+#
+# Some MIME-types for downloading Certificates and CRLs
+#
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl .crl
+
+# Pass Phrase Dialog:
+# Configure the pass phrase gathering process.
+# The filtering dialog program (`builtin' is a internal
+# terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog builtin
+
+# Inter-Process Session Cache:
+# Configure the SSL Session Cache: First either `none'
+# or `dbm:/path/to/file' for the mechanism to use and
+# second the expiring timeout (in seconds).
+#SSLSessionCache none
+#SSLSessionCache dbm:logs/ssl_scache
+SSLSessionCache shm:/var/run/ssl_scache(512000)
+SSLSessionCacheTimeout 300
+
+# Semaphore:
+# Configure the path to the mutual explusion semaphore the
+# SSL engine uses internally for inter-process synchronization.
+SSLMutex file:/var/run/ssl_mutex
+
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the
+# SSL library. The seed data should be of good random quality.
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+#SSLRandomSeed startup file:/dev/random 512
+#SSLRandomSeed startup file:/dev/urandom 512
+#SSLRandomSeed connect file:/dev/random 512
+#SSLRandomSeed connect file:/dev/urandom 512
+
+# Logging:
+# The home of the dedicated SSL protocol logfile. Errors are
+# additionally duplicated in the general error log file. Put
+# this somewhere where it cannot be used for symlink attacks on
+# a real server (i.e. somewhere where only root can write).
+# Log levels are (ascending order: higher ones include lower ones):
+# none, error, warn, info, trace, debug.
+SSLLog /var/log/httpd/ssl_engine_log
+SSLLogLevel info
+
+<VirtualHost _default_:443>
+SSLEngine on
+#SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+SSLCertificateFile /etc/httpd/server.crt
+SSLCertificateKeyFile /etc/httpd/server.key
+#SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt
+#SSLCACertificatePath /etc/httpd/conf/ssl.crt
+#SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt
+#SSLCARevocationPath /etc/httpd/conf/ssl.crl
+#SSLCARevocationFile /etc/httpd/conf/ssl.crl/ca-bundle.crl
+#SSLVerifyClient require
+#SSLVerifyDepth 10
+
+#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
+<Files ~ "\.(cgi|shtml)$">
+ SSLOptions +StdEnvVars
+</Files>
+<Directory "/home/httpd/html/cgi-bin">
+ SSLOptions +StdEnvVars
+</Directory>
+SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+CustomLog /var/log/httpd/ssl_request_log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>
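Review bot: Both `SSLRandomSeed` lines select `builtin` as the only entropy source, although the comment directly above them asks for seed data of good random quality; mod_ssl's builtin source contributes very little entropy at startup, so the PRNG behind session keys starts from a weak seed. On hosts that provide the device, enable the alternatives this file already carries commented out: `SSLRandomSeed startup file:/dev/urandom 512` and `SSLRandomSeed connect file:/dev/urandom 512`. Separately, the `<VirtualHost _default_:443>` block leaves `SSLCipherSuite` commented out and sets no `SSLProtocol`, so the module's compiled-in defaults decide what is negotiated; depending on the mod_ssl/OpenSSL build, that may include SSLv2 and export-grade suites. An explicit pair of directives excluding SSLv2, EXP, LOW and eNULL would make the policy visible in the file. The key at `/etc/httpd/server.key` should be readable by root only, which this patch cannot show.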