# audit httpd config for private and public key locations
grep-r"^SSLCertificate"/etc/httpd/
# cd to tls dir where keys should be storedcd/etc/pki/tls
# obtain the file name for the openssl config
lsprivate/*.cnf
# create the private key and certificate signing request# update file names based on grep above for 'out' and 'keyout' as required
opensslreq-outprivate/<server>.csr-newkeyrsa:2048-nodes-keyoutprivate/<server>.key-configprivate/*.cnf
# obtain the csr for usage in trust.csu.org for signing
catprivate/*.csr
# submit the CSR to the signing CA and obtain the signed certificate in base64 format# update the public key file with the signed certificate
vimcerts/<server>.crt
# paste base64 content of signed certificate# restart httpd to load new files, reload will not be enough
servicehttpdrestart