Stesps to be done when a new service certificate has to be installed:

On the 3 HAproxy nodes: concatenate the cert and key in a single file that must be called '/etc/grid-security/hostcertkey.pem' and must have the following ownership and protections:

-rw-------. 1 root root 3364 Mar 26 14:36 /etc/grid-security/hostcertkey.pem

Then restart the haproxy service:

service haproxy restart

On the two controller nodes, install the cert and key files as:

-rw-r--r-- 1 root root 1657 Mar 26 15:02 /etc/grid-security/hostcert.pem
-r-------- 1 root root 1708 Mar 26 15:02 /etc/grid-security/hostkey.pem
-rw-r--r-- 1 shibd shibd 1657 Mar 26 15:02 /etc/shibboleth/sp-cert.pem
-rw------- 1 shibd shibd 1708 Mar 26 15:02 /etc/shibboleth/sp-key.pem

Please note the ownerships and protections.

Then restart sshd and shibd:

service httpd restart
service shibd restart