SSL server certificates are created at the SITE level in EFT.  To add or replace a certificate you must first add it to the server, either as a single certificate containing both private and public keys (for example .p12 or .pfx), or as two separate files - a .crt and .key file.  Normally these files are stored somewhere in the configuration folder, but it's good practice to have a distinct 'certs' folder and save them there, perhaps even adding a subfolder to represent the year.

Once you have made the certificate(s) available, open the EFT admin UI and click on the site in question.  Here, select the 'Connections' tab and find 'SSL certificate settings'

Click the configure button and navigate to the location of the certificate and key files (for .pfx and .p12 this will be the same file for both).  You MUST enter the correct password to protect the certificate

You may also wish to be notified of upcoming certificate expirations, to do this use the Expiration Notification button on this screen.  It will display a configuration screen as follows:

You'll also notice that you can demand a certificate for authentication purposes from clients that connect in to EFT.  You can set this either globally (on the SSL Certificate Settings screen) or individually on a user or template.  In either case, these certificates and managed internally in the EFT application using the'manage SSL certificates' option under the tools menu, and are completely independant of the servercertificate process.