As is the case when working with certificate keystores, you need to make sure that when importing your SSL certificates to your Lotus Domino 8.5 Web Server that the files are imported to the same key ring as was used when creating your CSR. If that key ring is lost, you will need to create a new key ring / CSR and request a reissue from inside your E-Tugra account before proceeding with the installation.
Your certificates will need to be installed to the key ring in the exact order described below.
In the Domino Server Certificate Administration, choose the option to "Install Trusted Root Certificate into Key Ring."
Enter the file name that you selected when creating your CSR, then go ahead and import your Trusted Root Certificate (TrustedRoot.crt). You may see a message that your root certificate is already installed. If this happens, just continue to step 3.
Once again, choose the option to "Install Trusted Root Certificate into Key Ring". You should now install your Intermediate Certificate file(s) and then repeat this step to import the E-Tugra.crt.
For the next step select the option to "Install Certificate into Key Ring". Enter name of the key ring, and then import your Primary Certificate (your_domain_name.crt) file.
Your certificate is now installed and ready to use on your IBM Domino Server.