New Apache Certificate
    Generate New Key and CSR

      cd /etc/pki/tls/
      openssl genrsa -out private/*FQDN*.1.key 2048
      openssl req -new -key private/*FQDN*.1.key \
                      -out certs/*FQDN*.1.csr
        Country (C): AU
        State (S): Queensland
        Location (L): Brisbane
        Organisation (O): Griffith University
        Organisational Unit (OU): ICTS
        Common Name (CN): *FQDN*
        *** do not set email, passwords, or optional company name ***

    Mail the generated CSR (BEGIN..END lines) to Security Officer (J.Braine)

    Save the signed CRT into
         /etc/pki/tls/certs/*FQDN*.1.crt

    Install Certificate Chain
      Goto Thawte page
        https://search.thawte.com/support/ssl-digital-certificates/index?page=content&actp=CROSSLINK&id=AR1373
      Download Primary and Secondary CA Certificates
          "SSL_PrimaryCA.pem"  and  "SSL_SecondaryCA.pem"
      Concatanate them into a CA Certificate file
        cat SSL_*CA.pem > /etc/pki/tls/certs/ca-bundle_thawte.crt
        rm SSL_*CA.pem
      hupwww

    Reconfigure Apache SSL certificate files
      vi /etc/httpd/conf.d/ssl.conf
        SSLCertificateFile /etc/pki/tls/certs/*FQDN*.1.crt
        SSLCertificateKeyFile /etc/pki/tls/private/*FQDN*.1.key
        SSLCACertificateFile /etc/pki/tls/certs/ca-bundle_thawte.crt
      service httpd restart
      tail /var/log/httpd/error_log

    Testing
      Note "Firefox" and "Chrome" loads page without a 'certificate problem
      However "wget" and "lynx" fails
        wget -v https://*FQDN*/
          ...
          ERROR: cannot verify *FQDN*'s certificate,
          issued by `/C=US/O=Thawte, Inc./CN=Thawte SSL CA':
          Unable to locally verify the issuer's authority.
          To connect to *FQDN( insecurely, use `--no-check-certificate'.