**** Disclaimer -- works for me, YMMV ***** Steps used to generate a cert Note: apache/modssl cert # If necessary login to the GUI as server admin and enable SSL for the site. CAUTION: if this site has a cert, and you are renewing do this first save files cd /home/sites/host.domain.tld/certs mkdir certs_`date -I`.save (certs_yyyy-mm-dd.save) mv * certs_yyyy-mm-dd.save # login to the GUI as the siteadmin for the site.. Generate a self-signed-cert. This will update the GUI SSL information with dates and years. # from the command line, cd to the certs directory and remove those files cd /home/sites/host.domain.tld/certs rm * You should still have the save directory with the original files if renewal # create the 2048 bit csr using this command openssl req -new -newkey rsa:2048 -keyout key -nodes -out request save these files (key and request) key is very important as it has to match the certificate mkdir certs_`date -I`.new (certs_yyyy-mm-dd.new) mv * certs_yyyy-mm-dd.new # if renewal do the following to return your current cert to proper place mv certs_certs_yyyy-mm-dd.save/* . # If the customer is purchasing the cert email the customer the csr file contents from "request" file, Or insert at website of cert provider # customer or cert provider emailed the files to me which are: host.domain.tld.crt and gd_bundle.crt (for godaddy) may be different # copy (ftp) host.domain.tld.crt to /home/sites/host.domain.tld/certs/certificate you need to use the key from certs_yyyy-mm-dd.new cp certs_certs_yyyy-mm-dd.new/key . # gd_bundle.crt shows 3 distinct certs cut and paste the first one from my ssh terminal into NotePad/ Wordpad and name it C1 do the same for C2 and C3. You will now have C1, C2, and C3 files on your PC # From the site admin area click-on "Manage Certificate Authorities" Remove any ca's that are there in the GUI Add "Certificate Authority name" browse for file C1 on your PC. The same for C2 and C3. # Restart httpd; /etc/init.d/httpd restart