Actually this should be done in the same way as for self signed ssl, you just need to have ssl generated by registrar instead.
In general the way is next:
1. On scalix server create server private key and csr:
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.com.key -out yourdomain.com.csr
2. Use that yourdomain.com.csr while purchasing ssl cert from your ssl authority.
3. Once you get cert form authority, (usualy it's .crt file and ca-bundle file). Upload them to scalix server.
4. On scalix server side change configuration files for swa/sac:
find your instance-<scalix-server-hostname>.conf files in /etc/opt/scalix-tomcat/connector/jk and /etc/opt/scalix-tomcat/connector/ajp
In virtualhost section for port :443 change the path to your certificates accordingly. It should look like:
5. Restart tomcat with command like "service scalix-tomcat restart".
Scalix Support Team