Well, pasting them into the “Install Cert” GUI didn’t work, but I did sit down with the web guy and we figured out how to do it in the SSH.

The answers are all in /etc/httpd/conf.d/ssl.conf

You have to use a text editor like vim, create a .crt file in /etc/pki/tls/certs/ then paste in the text from your crt file, then do the same for the .key file in /etc/pki/tls/private/ and finally edit the ssl.conf to comment out the old CRT and KEY and put in the paths to the new ones you make, like so:

Server Certificate:

Point SSLCertificateFile at a PEM encoded certificate. If

the certificate is encrypted, then you will be prompted for a

pass phrase. Note that a kill -HUP will prompt again. A new

certificate can be generated using the genkey(1) command.

#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/pki/tls/certs/NEW.crt

Server Private Key:

If the key is not combined with the certificate, use this

directive to point at the key file. Keep in mind that if

you’ve both a RSA and a DSA private key you can configure

both in parallel (to also allow the use of DSA ciphers, etc.)

#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/pki/tls/private/NEW.key

Then just run “service httpd restart” and the new certificates take effect.

Afterwards we also ran “vim /var/www/html/.htaccess” to create an .htaccess file, and pasted into it:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

which immediately forces all traffic from the “http” on the server to “https”