Manage Certificates

Certificates are used for various purposes in Secure Access, including:

  • Decryption required for threat detection in traffic to private resources
  • Decryption required for threat detection in traffic to internet resources
  • Presenting notification pages for blocked and warned internet destinations
  • Establishing trust between Secure Access and your identity providers for SAML authentication. For more information, see Certificates for SAML Authentication.
  • Authenticating users and devices in VPN connections. For more information, see VPN Certificates for User and Device Authentication.

Certificate Installation Methods

Certificate installation can be done on a per-browser or per-machine basis. For larger deployments, you can perform an automatic installation through Group Policy Objects (GPO). Note that the automatic installation through GPO is only supported for the Edge or Chrome browsers on Windows systems. As such, for Firefox or Safari browsers, and for users on non-Windows operating systems, you must perform the manual installation procedure.

You can also install a certificate automatically—through Active Directory Group Policy Objects—for a group of users in Microsoft Windows Active Directory. This automatic installation of a certificate is only supported for Edge or Chrome browsers on Windows systems. For all other browsers and systems, you must perform the manual installation procedure.

For more information, see Install the Cisco Secure Access Root Certificate.


Add a Do Not Decrypt List < Manage Certificates > Certificates for Internet Decryption