Background - the department has a 15 license wildcard cert - *.sat.iit.edu issued by my good friends at Trustwave (which is in Chicago and had really killer customer support btw)

All 15 licenses were issued - some of the servers had been rebuilt since their cert was issues - meaning that the public/private key from those servers was now invalid and would throw the browser warning screen below...

danger_will_robinson

So what do to? After talking with tech support I understood this: the initial certificate was signed with Trustwave's root certificate. But since this was an re=issued certificate their is now an additional chain.cer (chain certificate)?

Why? Because the new certificate is signed by the intermediate level certificate that then chains to the root cert - follow?

TL:DR;

The Intermediate comes as either a ".cer" or ".crt" extension. Technically speaking; the ".cer" and ".crt" extensions are one in the same. If your instance of Apache requires that you use ".crt" files, then you can simply rename a ".cer" file to ".crt" Note: At this point, you should have a file named "chain.cer", "ovca.crt", or "dvca.crt". Moving forward, this FAQ will refer to this file as the intermediate file.</blockquote>

Editing the httpd.conf or ssl.conf file (Ubuntu it is /etc/apache2/sites-enabled/default-ssl)
Your host section will need to contain the following directives:

"SSLCACertificateFile" - Set this attribute to point to the appropriate Trustwave root CA certificate. The Trustwave root CA certificate can downloaded from the following URL: <-- Optional

"SSLCertificateChainFile" - Set this attribute to point to the intermediate file. <-- where you need to put your chain.cer file

"SSLCertificateFile" - Set this attribute to point to the end entity certificate (the "[yourdomain].cer" file you received from Trustwave) <-- You need the reissued STAR.youdomain.here.cer

"SSLCertificateKeyFile" - Set this attribute to point to the private key that was generated with your CSR. -- the same key file from you CSR request</blockquote>

Remember restart Apache! (sudo service apache2 restart) If there is an error tail /var/log/apache2/error.log

If everything works you will see this screen...
SesameStreet-Group_preview

take care