We just recently renewed our web server certificates for our various web sites with SuperCerts from Thawte. These “supercerts” allow browsers that can only negogiate at 40-bit encryption to downgrade the connection. However, after installation of the new certificate, we noticed that browsing to the site popped up a message saying the certificate wasn’t signed by a trusted CA. So now the Supercerts requires that you install a server-level Thawte SGC CA certificate. Here is how to do it:
1. Get new domain certificate and SGC CA certificate from Thawte.
2. Save the certificate as www.mydomain.com.crt and the Thawte SGC CA cert as thawtesgc.crt as root on your web server.
3. Modify your httpd.conf or ssl.conf for Apache with the following lines:
SSLCertificateFile /path/to/cert/www.mydomain.com.crt
SSLCertificateKeyFile /path/to/key/www.mydomain.com.key
SSLCACertificateFile /path/to/cacert/thawtesgc.crt
4. Stop and start Apache:
apachectl -k stop
apachectl -k start -DSSL

Here are Thawte’s instructions for this. It says you need to reboot your server, but I haven’t found that you do.