Well, pasting them into the “Install Cert” GUI didn’t work, but I did sit down with the web guy and we figured out how to do it in the SSH.
The answers are all in /etc/httpd/conf.d/ssl.conf
You have to use a text editor like vim, create a .crt file in /etc/pki/tls/certs/ then paste in the text from your crt file, then do the same for the .key file in /etc/pki/tls/private/ and finally edit the ssl.conf to comment out the old CRT and KEY and put in the paths to the new ones you make, like so:
Server Certificate:
Point SSLCertificateFile at a PEM encoded certificate. If
the certificate is encrypted, then you will be prompted for a
pass phrase. Note that a kill -HUP will prompt again. A new
certificate can be generated using the genkey(1) command.
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/pki/tls/certs/NEW.crt
Server Private Key:
If the key is not combined with the certificate, use this
directive to point at the key file. Keep in mind that if
you’ve both a RSA and a DSA private key you can configure
both in parallel (to also allow the use of DSA ciphers, etc.)
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/pki/tls/private/NEW.key
Then just run “service httpd restart” and the new certificates take effect.
Afterwards we also ran “vim /var/www/html/.htaccess” to create an .htaccess file, and pasted into it:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
which immediately forces all traffic from the “http” on the server to “https”