The instructions referenced here have been derived from the URL below.
https://supportforums.cisco.com/document/11938476/installing-certificate-webvpn-without-csr-asa-843
You will need to create a certificate chain and call it root.crt
openssl pkcs12 -export -in star.mycompany.com_cert.pem -inkey star.mycompany.com_key.pem -certfile root.crt -out bundle.p12
Enter Export Password: [Enter your own generated password.]
Verifying – Enter Export Password: [Enter your own generated password.]
cat bundle.p12 | base64
# Take the output of the cat command and copy them into a text document. You will need to add end of line characters after about 200 characters.
# If you don’t do this, the terminal line is limited to a certain number of characters and the import will fail. It will fail with a generic error
# which makes it hard to determine why it failed.
On the ASA:
ASA(config)# crypto ca import star.mycompany.com pkcs12 secret
Enter the base 64 encoded pkcs12.
End with the word “quit” on a line by itself:
# BASE64 OUTPUT from the cat command of bundle.p12 #
quit
% The CA cert is not self-signed.
% Do you also want to create trustpoints for CAs higher in
% the hierarchy? [yes/no]: yes
INFO: Import PKCS12 operation completed successfully
ssl trust-point star.mycompany.com outside