首先看一下阿里云官方的教程：

文件說明：

1. 證書文件xxxxxx.pem，包含兩段內容，請不要刪除任何一段內容。

2. 如果是證書系統創建的CSR，還包含：證書私鑰文件xxxxxxxx.key、證書公鑰文件public.pem、證書鏈文件chain.pem。

( 1 ) 在Apache的安裝目錄下創建cert目錄，并且將下載的全部文件拷貝到cert目錄中。如果申請證書時是自己創建的CSR文件，請將對應的私鑰文件放到cert目錄下并且命名為xxxxxxxx.key；

( 2 ) 打開 apache 安裝目錄下 conf 目錄中的 httpd.conf 文件，找到以下內容并去掉“#”：

#LoadModule ssl_module modules/mod_ssl.so (如果找不到請確認是否編譯過 openssl 插件)#Include conf/extra/httpd-ssl.conf

( 3 ) 打開 apache 安裝目錄下 conf/extra/httpd-ssl.conf 文件 (也可能是conf.d/ssl.conf，與操作系統及安裝方式有關)， 在配置文件中查找以下配置語句:

# 添加 SSL 協議支持協議，去掉不安全的協議SSLProtocol all -SSLv2 -SSLv3# 修改加密套件如下SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUMSSLHonorCipherOrder on# 證書公鑰配置SSLCertificateFile cert/public.pem# 證書私鑰配置SSLCertificateKeyFile cert/xxxxxxx.key# 證書鏈配置，如果該屬性開頭有 '#'字符，請刪除掉SSLCertificateChainFile cert/chain.pem

( 4 ) 重啟 Apache。

( 5 ) 通過 https 方式訪問您的站點,測試站點證書的安裝配置，如遇到證書不信任問題，請查看幫助視頻。

然而這只能參考。在Ubuntu下面，我是用apt安裝的Apache，但是它沒有httpd.conf，只有一個apache2.conf，好吧，其實這個文件和httpd.conf差不多，它里面是這樣注釋的：

# It is split into several files forming the configuration hierarchy outlined# below, all located in the /etc/apache2/ directory:## /etc/apache2/# |-- apache2.conf# | `-- ports.conf# |-- mods-enabled# | |-- *.load# | `-- *.conf# |-- conf-enabled# | `-- *.conf# `-- sites-enabled# `-- *.conf#

這個版本的Apache把配置文件分散到了其他小文件中，結構就是上面那樣子的。你要是愿意的話，也可以自己寫一個httpd.conf然后include進去。

重點講一下https的配置，第一步，你要保證你外部環境的443端口是打開的。

第二步確保你安裝了ssl_module。沒有就apt-get install openssl ，可能還需要一些依賴，但是都是小問題。

然后打開ports.conf，以下幾句是不可少的：

<IfModule ssl_module> Listen 443</IfModule> <IfModule mod_gnutls.c> Listen 443</IfModule>

接著打開mods-available，找到ssl.conf和ssl.load

ssl.load長這樣：

# Depends: setenvif mime socache_shmcbLoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.sossl.conf長這樣：<IfModule mod_ssl.c>  # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the SSL library. # The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device which doesn't # block. So, if available, use this one instead. Read the mod_ssl User # Manual for more details. # SSLRandomSeed startup builtin SSLRandomSeed startup file:/dev/urandom 512 SSLRandomSeed connect builtin SSLRandomSeed connect file:/dev/urandom 512  ## ## SSL Global Context ## ## All SSL configuration in this context applies both to ## the main server and all SSL-enabled virtual hosts. ##  # # Some MIME-types for downloading Certificates and CRLs # AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl  # Pass Phrase Dialog: # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is a internal # terminal dialog) has to provide the pass phrase on stdout. SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase  # Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism  # to use and second the expiring timeout (in seconds). # (The mechanism dbm has known memory leaks and should not be used). #SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) SSLSessionCacheTimeout 300  # Semaphore: # Configure the path to the mutual exclusion semaphore the # SSL engine uses internally for inter-process synchronization.  # (Disabled by default, the global Mutex directive consolidates by default # this) #Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache   # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. See the # ciphers(1) man page from the openssl package for list of all available # options. # Enable only secure ciphers: SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM  # SSL server cipher order preference: # Use server priorities for cipher algorithm choice. # Clients may prefer lower grade encryption. You should enable this # option if you want to enforce stronger encryption, and can afford # the CPU cost, and did not override SSLCipherSuite in a way that puts # insecure ciphers first. # Default: Off SSLHonorCipherOrder on  # The protocols to enable. # Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2 # SSL v2 is no longer supported SSLProtocol all -SSLv2 -SSLv3  # Allow insecure renegotiation with clients which do not yet support the # secure renegotiation protocol. Default: Off #SSLInsecureRenegotiation on  # Whether to forbid non-SNI clients to access name based virtual hosts. # Default: Off #SSLStrictSNIVHostCheck On </IfModule> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet