Ask a Question

Advanced Search

Solution ID : SO22525

Last Modified : 05/20/2019

Installation Instruction for Cisco ASA 5520


How do I install a certificate on Cisco ASA 5520
How do I install a Wildcard certificate on Cisco ASA 5520


To install a certificate into a Cisco ASA 5520 device, perform the following steps:

STEP 1: Download Certificate
  1. Download the certificate from the Trust Center, follow the steps from this link: SO8061
    Please select Apache as the server platform, and HTTP as the server version
  2. If the certificate was sent by email, copy the certificate embedded in the body of the email and paste it into a text file using Vi or Notepad.
    Do not use Microsoft Word or other word processing programs that may add characters. The text file should look like:

             [encoded data]
    -----END CERTIFICATE-----

    To follow the naming convention for Cisco, rename the certificate filename with the .crt extension. For example: public.crt

STEP 2: Download the Intermediate CA Certificate

  1. Download the Intermediate CA from the following solution: INFO657
    NOTE: If you downloaded the certificate from the Trust Center, it will include the intermediate file. Proceed to step 2 below.
    If you are unsure of which product you have purchased, please review the following solution: SO13499
  2. Open the Cisco ASDM, then Under the Remote Access VPN window pane, then in the Configuration tab, expand Certificate Management and click CA Certificates.

  1. Click the Add button.

  2. Assign a Trustpoint Name to the certificate (e.g. intermediate.crt), And select the Install from a file: radio button and browse to intermediate.crt. Click Install Certificate.

    You should then see the Certificate listed with the Trustpoint Name you assigned to it.


Step 2: Install your SSL certificate

  1. Under Remote Access VPN, expand Certificate Management > Identity Certificates.

    Select the identity you created for the CSR with the Expiry Date shown as pending and click Install, select yourdomain_com.crt and click Install Certificate. Once installed the Expiry Date will no longer show 'Pending.'

  2. The certificate now needs to be enabled. On the lower left, click Advanced > SSL Settings. Then, select the interface you want SSL enabled for and click Edit.

  3. On the next screen, click the drop-down menu and for Primary Enrolled Certificate select your certificate then click OK.


  4. The ADSM will then show your certificate details under trustpoint.

  5. To verify if your certificate is installed correctly, use the DigiCert SSL Checker.


Cisco ASA 5520

          For more information, see the Cisco Support website.