Cisco ASA – Cannot Enable Third Party Certificate (9.4 and later)

KB ID 0001106


I installed a third-party certificate for a client on their ASA (from DigiCert) and followed my usual procedure. I enabled it on the outside interface and tested AnyConnect; it wasn't working.

The ASA refused to present anything other than its self-signed certificate.


This is because, after 9.4, the ASA will automatically present a certificate that has an elliptic curve cipher, even if the ASA has a configured trustpoint (based on RSA).

To rectify this you need to execute the following command:

Petes-ASA> enable
Password: ********
Petes-ASA# configure terminal
Petes-ASA(config)# ssl cipher tlsv1.2 custom

Providing you enabled the certificate correctly, it should work straight away.
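
To see which certificate the ASA hands out for each cipher family, the following Python check offers only ECDSA suites, then only RSA suites, and compares what comes back. It is an added example, not part of the original article; the hostname vpn.example.com is a placeholder and the function names are made up for illustration.

```python
import hashlib
import socket
import ssl
import sys


def presented_cert(host, port, cipher_spec, timeout=5.0):
    """Handshake at TLS 1.2 offering only the suites matched by cipher_spec.

    Returns (negotiated_cipher, sha256_of_certificate), or None when the
    server is unreachable or refuses every offered suite.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # inspecting the certificate, not trusting it
    ctx.verify_mode = ssl.CERT_NONE  # a self-signed certificate must not abort the probe
    # Cap at TLS 1.2: only there does the suite name the certificate type.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_spec)     # OpenSSL syntax: "aECDSA" or "aRSA"
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
                return tls.cipher()[0], hashlib.sha256(der).hexdigest()
    except OSError:                  # ssl.SSLError and timeouts are OSError subclasses
        return None


def interpret(ecdsa, rsa):
    """Turn the two probe results into a one-line finding."""
    if ecdsa is None and rsa is None:
        return "none: no TLS 1.2 handshake succeeded"
    if rsa is None:
        return "ec-only: only an elliptic curve certificate is served"
    if ecdsa is None:
        return "rsa-only: ECDSA suites are refused, clients get the RSA certificate"
    return ("split: ECDSA-capable clients get certificate %s..., "
            "RSA-only clients get %s..." % (ecdsa[1][:16], rsa[1][:16]))


if __name__ == "__main__":
    # Placeholder hostname; pass the ASA's outside-interface name instead.
    host = sys.argv[1] if len(sys.argv) > 1 else "vpn.example.com"
    print(interpret(presented_cert(host, 443, "aECDSA"),
                    presented_cert(host, 443, "aRSA")))
```

Run it before and after the change and compare the two findings; the fingerprints can be matched against the certificates installed on the ASA.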

Author: Migrated