
How to Install an SSL Certificate on Cisco ASA Using ASDM

 Overview 

An SSL certificate can be installed on a Cisco ASA firewall using either ASDM or the CLI. There are two supported installation methods: 

  • Install the CA certificate and identity certificate separately using PEM‑encoded files 

  • Import a PKCS#12 file (Base64‑encoded for the CLI), which contains the identity certificate, CA certificate, and private key bundled together 

Prerequisites 

Before you begin, ensure you have the following: 

  • Access to Cisco ASDM with administrative privileges 

  • The signed SSL server certificate in .crt or text format 

  • Any required CA certificates provided by the certificate authority 

  • An existing Trustpoint created on the ASA (from the earlier CSR generation process) 

 
 
Installing the certificate in PEM Format Using ASDM 

The following steps assume that the Certificate Authority (CA) has provided a PEM‑encoded identity certificate (.pem, .cer, or .crt) along with a CA certificate bundle. 

  1. Navigate to Configuration → Remote Access VPN → Certificate Management → CA Certificates. 

  2. Open the PEM‑encoded CA certificate in a text editor. 

  3. Copy the Base64‑encoded CA certificate provided by the third‑party vendor. 

  4. Paste the certificate content into the available text field. 

  5. Click Install certificate. 

  6. Navigate to Configuration → Remote Access VPN → Certificate Management → Identity Certificates. 

  7. Select the identity certificate trustpoint created earlier and click Install. 

  8. Choose one of the following options: 

     • Select Install from a file, then browse to and select the PEM‑encoded identity certificate, or 

     • Open the PEM‑encoded identity certificate in a text editor and copy the Base64‑encoded certificate. Paste the content into the provided text field. 

  9. Click Add Certificate. 

  10. Navigate to Configuration → Remote Access VPN → Advanced → SSL Settings. 

  11. Under Certificates, select the interface used to terminate WebVPN sessions (for example, the outside interface). 

  12. Click Edit. 

  13. From the Certificate drop‑down list, select the newly installed certificate. 

  14. Click OK. 

  15. Click Apply. The new certificate is now utilized for all WebVPN sessions that terminate on the interface specified. 
     

Installing a PKCS#12 Certificate Using ASDM 

This method is used when the Certificate Signing Request (CSR) was not generated on the ASA, such as for wildcard certificates or UC (Unified Communications) certificates. In these scenarios, the identity certificate and private key are provided either as separate files or as a single bundled PKCS#12 file (.p12 or .pfx). 

Step 1: Prepare the PKCS#12 File 

If the identity certificate, CA certificate, and private key are provided separately, bundle them into a single PKCS#12 file. 
If the CA has already provided a bundled PKCS#12 file, proceed to the next step. 
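
One way to carry out Step 1 with the OpenSSL command line, shown as an added example that is not part of the original article: it refuses to build the bundle unless the private key matches the identity certificate and the certificate chains to the supplied CA certificate. The function names, file names and the P12_PASS environment variable are assumptions, and make_test_pki only creates constructed throwaway test material.

```sh
# bundle_p12 KEY CERT CA OUT  (hypothetical helper, not a Cisco or OpenSSL tool)
# Bundles private key + identity certificate + CA certificate into PKCS#12.
# The passphrase is read from the exported variable P12_PASS, so it never
# appears on the command line or in the process list.
bundle_p12() {
    key=$1 cert=$2 ca=$3 out=$4
    [ -n "${P12_PASS:-}" ] || { echo "P12_PASS not set" >&2; return 2; }

    # 1. The private key must belong to the identity certificate.
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3
    cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    [ "$kpub" = "$cpub" ] || { echo "key does not match certificate" >&2; return 3; }

    # 2. The identity certificate must chain to the supplied CA certificate.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "certificate does not chain to CA" >&2; return 4; }

    # 3. Build the bundle (owner-only permissions), then re-open it to
    #    confirm that the passphrase and integrity check are good.
    ( umask 077
      openssl pkcs12 -export -inkey "$key" -in "$cert" -certfile "$ca" \
          -out "$out" -passout env:P12_PASS ) || return 5
    openssl pkcs12 -in "$out" -passin env:P12_PASS -noout 2>/dev/null || return 5
}

# Constructed test material: a throwaway CA, a server certificate signed by
# it, and an unrelated key used to exercise the mismatch check.
make_test_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=vpn.example.test" \
        -keyout "$d/vpn.key" -out "$d/vpn.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/vpn.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/vpn.crt" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/other.key" 2>/dev/null
}
```

The passphrase exported as P12_PASS is the one entered in ASDM during the import in Step 2. Delete the unencrypted key file and unset P12_PASS once the import has succeeded.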

Step 2: Import the PKCS#12 Certificate 

  • Navigate to Configuration → Remote Access VPN → Certificate Management → Identity Certificates. 

  • Click Add. 

  • Enter a Trustpoint name. 

  • Select the Import the identity certificate from a file option. 

  • Browse and select the PKCS#12 file. 

  • Enter the certificate passphrase used when creating the PKCS#12 file. 

 

Step 3: Click Add Certificate. 

Step 4: Navigate to Configuration → Remote Access VPN → Advanced → SSL Settings. 

  • Under Certificates, select the interface used to terminate WebVPN sessions (for example, the outside interface). 

  • Click Edit. 

  • From the Certificate drop‑down list, select the newly installed certificate. 

Step 5: Click OK and click Apply. The new certificate is now utilized for all WebVPN sessions that terminate on the interface specified. 

 
 

 

Verification: Certificate Installation 

Use the following steps to verify that the third‑party vendor certificate has been installed successfully and is being used for SSL VPN connections. 

View Installed Certificates Using ASDM 

  1. Navigate to Configuration → Remote Access VPN → Certificate Management → Identity Certificates. 

  2. Verify that the identity certificate issued is listed and visible. 

 
