If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see
Lotus Domino 8.5 CSR Creation Instructions.
Install SSL on a Lotus Domino Web Server Version 8.5
As is the case when working with certificate keystores, you need to make sure that when importing your SSL certificates to your Lotus Domino 8.5 Web Server that the files are imported to the same key ring as was used when creating your CSR. If that key ring is lost, you will need to create a new key ring / CSR and request a reissue from inside your DigiCert account before proceeding with the installation.
Your certificates will need to be installed to the key ring in the exact order described below.
DigiCertCA2.crt (if included in your zip file)
In the Domino Server Certificate Administration, choose the option to "Install Trusted Root Certificate into Key Ring."
Enter the file name that you selected when creating your CSR, then go ahead and import your Trusted Root Certificate (TrustedRoot.crt). You may see a message that your root certificate is already installed. If this happens, just continue to step 3.
Once again, choose the option to "Install Trusted Root Certificate into Key Ring". You should now install your Intermediate Certificate file(s). If you received a DigiCertCA2.crt, make sure to import that first, and then repeat this step to import the DigiCertCA.crt.
If you did not receive a DigiCertCA2.crt file, go ahead and import your DigiCertCA.crt now.
For the next step select the option to "Install Certificate into Key Ring". Enter name of the key ring, and then import your Primary Certificate (your_domain_name.crt) file.
Your certificate is now installed and ready to use on your IBM Domino Server.
Installing SSL Certs on Domino 8.5
Installing your certificates to Lotus Domino.