There is a "bug" in Domino when it comes to which certificate to use. When you activate internet sites, the setting for which kyr file (certificate) is to be used in the server document is hidden and it is instead pointed out in the setting for internet sites. But what is stated in the internet site is only used for incoming traffic towards http. When it comes to traffic out from the server from, for example, calls to web services, the setting for kyr file that is specified in the server document is still used, even though it is not visible.
Suggest that it be corrected in such a way that the setting is not hidden, but that the title of the setting changes if the internet site is activated. The title could then, for example, be "Outgoing SSL key file name:". The function is good as it is, but the settings must be adjusted so that it becomes clear how it works.