Let's say you have a web app and you distribute an embedded Apache HTTPD with that web app. It's difficult to manage customers that want to run SSL. The best way appears to be to let the customer manage installing SSL certificates on the embedded Apache -- or to recommend the customer use a front-end SSL accelerator card or pizza box.
Are there better ways of doing this?
You've pretty much covered it. SSL requires the user install valid certs. The best you can do is give them good instructions on how to do so.
One option I've seen on embedded systems that's potentially easier to configure than using Apache's built-in support for SSL is stunnel.
It handles all of the SSL layer, and then communicates with the local web server over the loopback interface.
If the only reason to run Apache is to get SSL support, this can provide a way of running an alternate HTTP server with a smaller footprint.
