Tuesday, April 8 • 3:45pm - 4:35pm
Apache httpd SSL; End-to-End

The days of deploying the default, example httpd.conf to enable mod_ssl are long gone, and most articles published on the web are long out of date. Any suggestion of 'openssl genrsa 1024' is a first hint of corroded guidance. Smart organizations and businesses have changed their cipher suites, added ECC keys and stronger RSA keys, and now default to forward secrecy operation. They have shifted from SSL session caches to session tickets to further attain perfect forward secrecy. They are rolling out OCSP stapling services to avoid the CA lookup delays, and are on the verge of adopting TLS virtual hosting as the last of the antique browser clients disappear from (or become ignored on) the internet. This talk discusses all of the above features and illustrates deployment considerations, including a hands-on demonstration. The talk further presents smart configuration of the reverse proxy connections and looks at forward proxy mechanics in preserving the end-to-end goal of perfect forward secrecy.

Speakers
William A Rowe Jr

Staff Engineer, Pivotal
William is a member of the Application Products engineering team at Pivotal, and has been involved in the Apache HTTP Server effort since the turn of the century. He is a project member and committer to several ASF projects and serves on the ASF security response team. He is sometimes...


Tuesday April 8, 2014 3:45pm - 4:35pm PDT
Horace Tabor