Here's what I did
I stopped CSA services " net stop csagent" "net stop crmdmgtd"
I deleted these files
CSCOpx\CSAMC\cfg sslca.crt, sslhost.crt
CSCOpx\lib\web\conf root.crt, server.key, server.crt
CSCOpx\MDC\apache\conf\ssl chain.cer, root.crt, server.key, server.cert
then in a CMD window i ran
..\..\bin\perl.exe installcert.pl -forceinstall
this generates new certs and puts them in appropriate places
then i restarted the services and ran CSAMC\bin webmgr makekits_refresh to update the kits.
then i pushed out the sslca.crt through a login script and we're back up and running