mpoat's blog

SSLCertificateFile /etc/httpd/conf.d/ssl.crt/star.bnl.gov.pem.20131008-20141203
SSLCertificateKeyFile /etc/httpd/conf.d/ssl.crt/star.bnl.gov.pem.20131008-20141203

SSLCertificateChainFile /etc/httpd/conf.d/ssl.crt/GlobalSignIntermediate2.crt

SSLCACertificateFile /etc/httpd/conf.d/ssl.crt/GlobalSignRootCA_ExtendedSSL2.crt

Notice that SSLCertificateFile & SSLCertificateKeyFile point to the same .pem file. This is because both the private & public keys are combined.

One dean.star.bnl.gov we have

SSLCertificateFile /etc/pki/tls/certs/star.bnl.gov.pem.20131008-20141203

SSLCertificateKeyFile /etc/pki/tls/certs/star.bnl.gov.pem.20131008-20141203

SSLCertificateChainFile /etc/pki/tls/certs/GlobalSignIntermediate2.crt

SSLCACertificateFile /etc/pki/tls/certs/GlobalSignRootCA_ExtendedSSL2.crt

Again, notice that SSLCertificateFile & SSLCertificateKeyFile point to the same .pem file.

-----------------------------------------------------------------------

Once you familiarized yourself with those files you will need to do the following

Contact Dan Fedele from Cyber security to renew the certificate. Dan will renew the private & public portion of the .pem file.
Get the GlobalSignIntermediate.crt & GlobalSignRootCA_ExtendedSSL.crt from https://support.globalsign.com/customer/portal/topics/538410 (For the 2013-2014 renewall Dan gave me GlobSignIntermediate.crt file & the .pem)
Once you have all of the needed certificates be sure to place them in their respective directories as seen above. You should name the new certificates different from the old ones incase you need to go back. Also when you modify the ssl.conf configuration you should comment out the line for the old cert instead of replacing the line with the new, again this way you can quickly revert the changes.

Once you have added the new certificates and saved your changes to the ssl.conf do not restart the httpd service just yet.