Setting up SSL for Apache 2.2 on the Mac (notes)

Prerequisites

  1. Install openssl and Apache 2.2 beforehand (e.g. with MacPorts), built so that mod_ssl can be loaded as a DSO.
$ port installed | grep apache2
  apache2 @2.2.14_0+darwin+preforkmpm (active)
  ...
$ port installed | grep openssl
  openssl @0.9.8k_0+darwin (active)
  ...

Creating a private CA (certificate authority)

$ cd /opt/local/etc/openssl/
$ sudo ./misc/CA.sh -newca
CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 1024 bit RSA private key
.............................++++++
.............................................++++++
writing new private key to './demoCA/private/./cakey.pem'
Enter PEM pass phrase: <----- passphrase for the CA key
Verifying - Enter PEM pass phrase: <----- type it again
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: [ENTER]
State or Province Name (full name) [Some-State]: [ENTER]
Locality Name (eg, city) []: [ENTER]
Organization Name (eg, company) [Internet Widgits Pty Ltd]: [ENTER]
Organizational Unit Name (eg, section) []: [ENTER]
Common Name (eg, YOUR name) []:private <---- the only field I filled in: "private"
Email Address []: [ENTER]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: [ENTER]
An optional company name []: [ENTER]
Using configuration from /opt/local/etc/openssl/openssl.cnf
Enter pass phrase for ./demoCA/private/./cakey.pem: <----- the passphrase entered above
Check that the request matches the signature
Signature ok
Certificate Details:
   .........(snip)...........
Write out database with 1 new entries
Data Base Updated

Two things worth knowing about what CA.sh just did. First, the key size and signature digest are not chosen by CA.sh itself but come from openssl.cnf (default_bits = 1024 and default_md = sha1 in the 0.9.8 default file); that is acceptable for a throwaway local CA but too weak for anything you intend to trust beyond this one machine, so raise them to 2048 and sha256 before running -newca if the CA is going to live longer than a test. Second, since 0.9.8 CA.sh -newca signs the CA certificate with "openssl ca -selfsign", which is why the output ends with "Write out database with 1 new entries": the CA certificate itself is now recorded as the first entry in demoCA/index.txt, under the subject C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=private. This matters in the server-certificate step below.

Creating the server private key

$ cd /opt/local/apache2/conf
$ sudo mkdir openssl
$ cd openssl
$ sudo openssl genrsa -out apache2.key -des3 1024
$ sudo openssl rsa -in apache2.key -out apache2_nopasswd.key
$ sudo openssl req -new -key apache2_nopasswd.key -out apache2.csr
 ....(the same questions are asked again; I pressed Enter for all of them and set Common Name to "private" as above)

Notes on this step. apache2.key is DES3-encrypted, which would require typing the passphrase at every httpd start (or supplying it through SSLPassPhraseDialog), so the second command writes an unencrypted copy, apache2_nopasswd.key, for Apache to use. An unencrypted key is protected by file permissions alone, so it must be readable by root only (chmod 600); the default umask does not do this, as the ls output further down shows. 1024 bits is the same weakness already noted for the CA key. Finally, the Common Name is what a browser compares against the hostname, so for https://localhost it should be "localhost"; reusing the CA's exact subject here is also what makes openssl ca refuse the request in the next step.

Creating the server certificate

$ cd /opt/local/etc/openssl
(openssl ca refused to sign the request at first. The cause: the CSR's subject is identical to the CA's own subject (all defaults plus CN=private), and openssl ca, whose unique_subject setting defaults to yes, will not issue a second valid certificate for a subject that already appears in demoCA/index.txt; the CA certificate recorded there by CA.sh is the entry it collides with. The workaround I used was to empty index.txt, which also discards the CA's record of every certificate it has issued. The cleaner fix is to give the server certificate a distinct Common Name such as localhost, which a browser would accept for https://localhost anyway.)
$ sudo rm demoCA/index.txt
$ sudo touch demoCA/index.txt
$ sudo openssl ca -in /opt/local/apache2/conf/openssl/apache2.csr -out /opt/local/apache2/conf/openssl/apache2.crt

That gives us a private key and a certificate.

$ ls -l /opt/local/apache2/conf/openssl
-rw-r--r--   1 root  admin  3071 11 16 16:28 apache2.crt
-rw-r--r--   1 root  admin   631 11 16 16:28 apache2.csr
-rw-r--r--   1 root  admin   963 11 16 16:23 apache2.key
-rw-r--r--   1 root  admin   891 11 16 16:23 apache2_nopasswd.key

All four files are mode 644, i.e. readable by every local user. The certificate and CSR are public, but both .key files should be chmod 600 before going any further; apache2_nopasswd.key in particular is the whole secret of this server.
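The whole procedure above (private CA, server key, CSR, signing) redone with plain openssl commands in a throwaway directory, as an added example that is not part of the original memo. It does not use CA.sh (removed from newer OpenSSL releases) but reproduces what CA.sh -newca does, including the "openssl ca -selfsign" step that puts the CA's own subject into index.txt, and then shows both outcomes: a CSR carrying the CA's exact subject is refused, and a CSR with CN=localhost is issued and verifies against the CA, hostname included. The only assumption is an openssl binary (1.0.2 or later) on PATH; the paths, subjects and the openssl.cnf written by the script are constructed for this demo.

```sh
#!/bin/sh
# Added example, not from the original memo: the CA + server-certificate steps
# above redone with plain openssl commands in a throwaway directory, showing
# why a CSR with the CA's own subject is refused and how CN=localhost fixes it.
# Assumes only an `openssl` binary (1.0.2+) on PATH; the paths, subjects and
# the openssl.cnf below are constructed for this demo.
set -eu

# Same subject the CA.sh run above produced (defaults + CN=private).
CA_SUBJ="/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=private"
# Server subject: distinct from the CA's and equal to the browser's hostname.
SERVER_SUBJ="/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost"

# Minimal CA config. unique_subject is left unset on purpose: default is yes.
write_config() {
  cat > "$WORK/openssl.cnf" <<EOF
[ ca ]
default_ca     = demo_ca
[ demo_ca ]
dir            = $CA_DIR
database       = \$dir/index.txt
new_certs_dir  = \$dir/newcerts
serial         = \$dir/serial
certificate    = \$dir/cacert.pem
private_key    = \$dir/private/cakey.pem
default_days   = 365
default_md     = sha256
policy         = policy_demo
[ policy_demo ]
countryName            = optional
stateOrProvinceName    = optional
organizationName       = optional
commonName             = supplied
[ req ]
distinguished_name = req_dn
[ req_dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints       = critical, CA:TRUE
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash
[ v3_server ]
basicConstraints       = CA:FALSE
keyUsage               = critical, digitalSignature, keyEncipherment
extendedKeyUsage       = serverAuth
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid
subjectAltName         = DNS:localhost, IP:127.0.0.1
EOF
}

# Build the CA the way CA.sh -newca does: request, then `openssl ca -selfsign`,
# which records the CA certificate itself as the first entry in index.txt.
make_ca() {
  mkdir -p "$CA_DIR/private" "$CA_DIR/newcerts"
  chmod 700 "$CA_DIR/private"
  : > "$CA_DIR/index.txt"
  openssl req -new -config "$WORK/openssl.cnf" -newkey rsa:2048 -nodes \
    -keyout "$CA_DIR/private/cakey.pem" -out "$CA_DIR/careq.pem" \
    -subj "$CA_SUBJ" 2>/dev/null
  openssl ca -batch -config "$WORK/openssl.cnf" -create_serial -selfsign \
    -extensions v3_ca -days 1095 -keyfile "$CA_DIR/private/cakey.pem" \
    -out "$CA_DIR/cacert.pem" -infiles "$CA_DIR/careq.pem" >/dev/null 2>&1
}

# Key + CSR for subject $1 (files named $2.*), then ask the CA to sign it.
# Prints "issued" or "refused" rather than aborting, so both can be compared.
try_issue() {
  openssl req -new -config "$WORK/openssl.cnf" -newkey rsa:2048 -nodes \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" -subj "$1" 2>/dev/null
  chmod 600 "$WORK/$2.key"   # an unencrypted key must not be world-readable
  if openssl ca -batch -config "$WORK/openssl.cnf" -notext -extensions v3_server \
       -in "$WORK/$2.csr" -out "$WORK/$2.crt" >/dev/null 2>&1
  then echo issued; else echo refused; fi
}

# Chain + hostname check, the two things a browser will complain about.
verify_server() {
  if openssl verify -CAfile "$CA_DIR/cacert.pem" -verify_hostname localhost \
       "$WORK/server.crt" >/dev/null 2>&1
  then echo OK; else echo FAIL; fi
}

# Whole procedure in a fresh temp dir; prints the three outcomes on one line.
run_demo() {
  WORK=$(mktemp -d); CA_DIR="$WORK/demoCA"
  write_config
  make_ca
  same=$(try_issue "$CA_SUBJ" server_same)   # CA's own subject -> refused
  server=$(try_issue "$SERVER_SUBJ" server)  # distinct CN -> issued
  verify=$(verify_server)
  rm -rf "$WORK"
  echo "same-subject:$same localhost:$server verify:$verify"
}

run_demo
```

Running it prints "same-subject:refused localhost:issued verify:OK". The refusal is the "ERROR:There is already a certificate for ..." that emptying index.txt papered over; with a distinct Common Name the CA database is left intact, and the subjectAltName on the server certificate is what modern browsers actually match against the hostname.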

Editing httpd-ssl.conf

(file contents)
Listen 443
<VirtualHost *:443>
DocumentRoot "/opt/local/apache2/htdocs"
SSLEngine on
SSLCertificateFile "/opt/local/apache2/conf/openssl/apache2.crt"
SSLCertificateKeyFile "/opt/local/apache2/conf/openssl/apache2_nopasswd.key"
</VirtualHost>

This is the stock httpd-ssl.conf cut down to the bare minimum, and two of the things cut deserve to go back in. Without an SSLProtocol and SSLCipherSuite line, mod_ssl 2.2 falls back to "SSLProtocol all", which on an OpenSSL 0.9.8 build includes SSLv2, so keep those two directives from the stock file (at least "SSLProtocol all -SSLv2"), and add a ServerName matching the certificate. Also check that httpd.conf loads mod_ssl (LoadModule ssl_module) and includes this file; otherwise the Listen 443 here is never read and nothing answers on 443.

Checking that it works

Open https://localhost in a browser; if the page loads, the setup works. Expect the browser to warn twice: the issuer (our private CA) is not trusted, and the certificate's Common Name (private) does not match the hostname localhost. To get a clean connection, issue the server certificate with CN=localhost and import demoCA/cacert.pem into Keychain Access as a trusted root, but only on machines you control, since a trusted CA key can sign a certificate for any name.