Installing VeriSign Certificate
Cognizant Individual ... Lew Randerson
System Configuration
blackbird.pppl.gov (aka cert.fusiongrid.org)
Red Hat Enterprise Linux WS release 4 (Nahant Update 7)
Dual-Core AMD Opteron Processor
Change
Replace www.fusiongrid.org FusionGrid-signed Apache SSL Certificate
with VeriSign-signed certificate.
VeriSign Secure Site 3-year certificate
40-bit minimum to 256-bit SSL encryption
$100,000 warranty
VeriSign Secured Seal
30-day free revoke/replace
Procedure
o Purchase Certificate from VeriSign
o Install Key and Certificate on blackbird.conf
o Download Intermediate file on blackbird.conf
o Backup /etc/httpd/conf.d/ssl.conf file
o Update /etc/httpd/conf.d/ssl.conf file
(where DIR=/home/fgcm/SSL_CERTIFICATE)
- Change SSLCertificateFile entry
to DIR/cert.fusiongrid.org.crt
- Change SSLCertificateKeyFile entry
to DIR/cert.fusiongrid.org.key
- Comment out SSLCACertificatePath entry
. . .
- Set SSLCACertificateFile entry
to DIR/cert.fusiongrid.org.intermediate.crt
Impact on Users
o Browsers will recognize VeriSign signing-authority and
no longer raise alerts on unrecognized SSL certificate.
Testing
- Restart Apache server and inspect /etc/httpd/logs files
- Onsite, connect to http://cert.fusiongrid.org with
Mac, Windows, and Linux browsers
- Offsite, connect to http://cert.fusiongrid.org with
browser
Backout
o Restore backed up ssl.conf file and restart Apache server
Verify still works
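
Added example (not part of the original change record): the backup, update and backout steps for ssl.conf written as shell functions, with a check that the three entries are active before Apache is restarted. DIR, the host name and the directive names are taken from the procedure; the function names and the .bak suffix are assumptions.

```shell
#!/bin/sh
# Added example: backup, update and backout of ssl.conf as functions.
# DIR, HOST and the directive names come from the procedure above;
# the function names and the .bak suffix are assumptions of this sketch.
DIR=/home/fgcm/SSL_CERTIFICATE
HOST=cert.fusiongrid.org

# True if FILE ($1) has an active (uncommented) line equal to $2.
has_line() { sed 's/^[[:space:]]*//' "$1" | grep -Fxq "$2"; }

update_ssl_conf() {   # $1 = ssl.conf path, $2 = certificate directory
    conf=$1 dir=$2
    # Refuse to overwrite an earlier backup: it is the only backout copy.
    [ -e "$conf.bak" ] && { echo "backup exists: $conf.bak" >&2; return 1; }
    # conf.d normally loads only *.conf, so the .bak copy stays inert.
    cp -p "$conf" "$conf.bak" || return 1
    sed \
      -e "s|^\([[:space:]]*\)SSLCertificateFile[[:space:]].*|\1SSLCertificateFile $dir/$HOST.crt|" \
      -e "s|^\([[:space:]]*\)SSLCertificateKeyFile[[:space:]].*|\1SSLCertificateKeyFile $dir/$HOST.key|" \
      -e "s|^\([[:space:]]*\)\(SSLCACertificatePath[[:space:]].*\)|\1#\2|" \
      -e "s|^\([[:space:]]*\)#\{0,1\}[[:space:]]*SSLCACertificateFile[[:space:]].*|\1SSLCACertificateFile $dir/$HOST.intermediate.crt|" \
      "$conf.bak" > "$conf"
}

# Succeeds only if all three entries are active and SSLCACertificatePath is not.
check_ssl_conf() {
    conf=$1 dir=$2
    has_line "$conf" "SSLCertificateFile $dir/$HOST.crt" &&
    has_line "$conf" "SSLCertificateKeyFile $dir/$HOST.key" &&
    has_line "$conf" "SSLCACertificateFile $dir/$HOST.intermediate.crt" &&
    ! sed 's/^[[:space:]]*//' "$conf" | grep -q '^SSLCACertificatePath[[:space:]]'
}

# Backout: put the saved file back; the server restart is left to the operator.
backout_ssl_conf() { [ -f "$1.bak" ] && mv "$1.bak" "$1"; }

# Apply only when asked, e.g.:  sh thisfile --apply
if [ "${1:-}" = "--apply" ]; then
    update_ssl_conf /etc/httpd/conf.d/ssl.conf "$DIR" &&
    check_ssl_conf /etc/httpd/conf.d/ssl.conf "$DIR" &&
    echo "ssl.conf updated; run 'apachectl configtest' before restarting"
fi
```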