You can add certificates from the device's local web interface. Alternatively, you can add certificates by running API commands. To see which commands allow you to add certificates, see .

Service certificates and trusted CAs

Certificate validation may be required when using TLS (Transport Layer Security). A server or client may require that the device presents a valid certificate to them before communication is set up.

The certificates are text files that verify the authenticity of the device. These certificates must be signed by a trusted certificate authority (CA). In order to verify the signature of the certificates, a list of trusted CAs must reside on the device. The list must include all CAs needed in order to verify certificates for both audit logging and other connections.

Certificates are used for the following services: HTTPS server, SIP, IEEE 802.1X, and audit logging. You can store several certificates on the device, but only one certificate is enabled for each service at a time.

Previously stored certificates are not deleted automatically. The entries in a new file with CA certificates are appended to the existing list.

For Wi-Fi connection

We recommend that you add a trusted CA certificate for each Cisco Webex room or desk device or Webex Board, if your network uses WPA-EAP authentication. You must do this individually for each device, and before you connect to Wi-Fi.

To add certificates for your Wi-Fi connection, you need the following files:

  • CA certificate list (file format: .PEM)

  • Certificate (file format: .PEM)

  • Private key, either as a separate file or included in the same file as the certificate (file format: .PEM)

  • Passphrase (required only if the private key is encrypted)

The certificate and the private key are stored in the same file on the device.

If authentication fails, the connection will not be established.


From the customer view in , go to the Devices page, and select your device in the list. Go to Support and click Web Portal .

If you have set up a local Admin user on the device, you can access the web interface directly by opening a web browser and typing in http(s)://<endpoint ip or hostname>.


Navigate to Security > Certificates > Custom > Add Certificate and upload your CA root certificate(s).


On openssl, generate a private key and certificate request. Copy the content of the certificate request. Then paste it to request the server certificate from your certificate authority (CA).


Download the server certificate signed by your CA. Ensure that it is in .PEM format.


Navigate to Security > Certificates > Services > Add Certificate and upload the private key and the server certificate.


Enable the services you want to use for the certificate you just added.