For RedHat, as of 1/26/2012:
1) Get the certificates from the DOD:
# wget http://dodpki.c3pki.chamb.disa.mil/rel3_dodroot_2048.p7b
# wget http://dodpki.c3pki.chamb.disa.mil/dodeca.p7b
# wget http://dodpki.c3pki.chamb.disa.mil/dodeca2.p7b
2) Convert to Apache format:
# openssl pkcs7 -inform DER -outform PEM -in rel3_dodroot_2048.p7b -out rel3_dodroot_2048.pem -print_certs
# openssl pkcs7 -inform DER -outform PEM -in dodeca.p7b -out dodeca.pem -print_certs
# openssl pkcs7 -inform DER -outform PEM -in dodeca2.p7b -out dodeca2.pem -print_certs
3) Consolidate them into one file:
# cat dodeca2.pem dodeca.pem rel3_dodroot_2048.pem > dod-root-certs.pem
4) Put them all into certs file:
# cp dodeca2.pem dodeca.pem rel3_dodroot_2048.pem dod-root-certs.pem /etc/pki/tls/certs
5) Modify Apache Configuration file (/etc/httpd/conf.d/ssl.conf) by setting the following:
SSLVerifyClient require
SSLVerifyDepth 2
SSLCertificateFile /etc/ssl/certs/<your-host-name>.crt
SSLCertificateKeyFile /etc/ssl/certs/<your-host-name>.pem
SSLCACertificateFile /etc/ssl/certs/dod-root-certs.pem
6) Restart Apache:
# service https restart