Ask a Question

Advanced Search

Solution ID : SO25661

Last Modified : 06/12/2019

Installation Instruction for Cisco ASA 5520


This document provides instructions for installing SSL certificate on Cisco ASA 5520 device.
Step 1. Download the SSL Certificate & Intermediate CA Certificate
  1. Download your certificate from the unique secure link we provide your technical contact via order fulfillment email.
  2. The ZIP file you downloaded contains the following certificates:
    • SSL certificate (i.e. ssl_certificate.crt, also known as end entity certificate, public key certificate, digital certificate or identity certificate).
    • Intermediate CA certificate (i.e. IntermediateCA.crt, also known as chained certificate or signer/issuer of the SSL certificate).
  3. Unzip the files onto the server where you will install the certificate.

Step 2: Install the Intermediate CA Certificate

  1. Open the Cisco ASDM, under the Remote Access VPN window pane > Configuration > Certificate Management, and click CA Certificates.

  2. Click the Add button.

  3. Assign a Trustpoint Name to the Intermediate CA certificate (i.e. IntermediateCA.crt, as described in Step 1), select the Install from a file: radio button and browse to IntermediateCA.crt certificate file. Click Install Certificate.

    The certificate is listed within the Trustpoint Name you assigned.

Step 2: Install the SSL Certificate
  1. Locate the SSL certificate (i.e. ssl_certificate.crt, as described in Step 1) you downloaded on the server.

  2. Under Remote Access VPN, expand Certificate Management > Identity Certificates.

  3. Select the identity you created for the certificate signing request (CSR) with the Expiry Date shown as pending and click Install

  4. Select the SSL certificate file (i.e. ssl_certificate.crt, as described in Step 1) and click Install Certificate. Once installed the Expiry Date will no longer show 'Pending.'

  5. The SSL certificate now needs to be enabled. On the lower left, click Advanced > SSL Settings. Select the interface you want SSL enabled for and click Edit.

  6.  On the next screen, click the drop-down menu and for Primary Enrolled Certificate select your certificate. Click OK.


  7. The ADSM will then show your certificate details under trustpoint.

If you are unable to use these instructions for your server, Symantec recommends that you contact either the vendor of your software or an organization that supports Cisco ASA 5520.

Step 3: Verify certificate installation

  1. Verify your installation with the DigiCert Installation Checker



          For more information, see Cisco Support website.