What is AutoInstall SSL™?

A server agent that automates your entire SSL certificate lifecycle. You set it up once, and it takes care of every step from there. At SSL Dragon, it is sold as a bundle with domain validated (DV) certificates from RapidSSL or GeoTrust.

How AutoInstall SSL™ Works

Install the agent with one terminal command, run the certificate install command with your token, and you’re done. The full four-step walkthrough is in “How AutoInstall SSL™ Works” above.

Which SSL certificates are compatible?

The tool supports single-domain and wildcard DV certificates from RapidSSL and GeoTrust. SSL Dragon offers four bundles: RapidSSL Standard + AutoInstall, RapidSSL Wildcard + AutoInstall, GeoTrust QuickSSL Premium + AutoInstall, and GeoTrust QuickSSL Premium Wildcard + AutoInstall.

What servers and operating systems are supported?

Linux (Ubuntu, Debian, CentOS) with Apache or NGINX, and Windows Server (2016–2025) with IIS. Server-level access via SSH or RDP is a prerequisite. Cloud VMs from AWS, Azure, GCP, and DigitalOcean are all compatible. Full details are listed in “Supported Platforms and Servers” above.

Does it work with shared hosting?

No. Shared hosting lacks the server-level access the agent depends on. It works only where you have root or admin privileges. See “Environments Not Supported” above, or visit our SSL installation guides for manual setup options.

How is AutoInstall SSL™ different from Let’s Encrypt or Certbot?

The key differences are warranty coverage (up to $500,000), a CA-issued site seal, 24/7 support, and a managed agent that requires no ongoing maintenance. The full side-by-side breakdown is in the comparison section above. SSL Dragon’s ACME SSL Certificates page covers the alternative protocol-based approach.

How much do the bundles cost?

Starting at $23/yr (RapidSSL Standard + AutoInstall) up to $285/yr (GeoTrust QuickSSL Premium Wildcard + AutoInstall). Every bundle includes both the certificate and the automation agent for one year. See all four options in the pricing section above.

Why is SSL certificate automation becoming necessary?

Maximum certificate validity is dropping to 200 days (March 2026), 100 days (2027), and a 47-day maximum (2029) under Ballot SC-081v3. Domain validation reuse shrinks to 10 days on the same schedule. Renewing by hand at that frequency is unsustainable.

Are wildcard certificates supported?

Yes. Both the RapidSSL Wildcard + AutoInstall and GeoTrust QuickSSL Premium Wildcard + AutoInstall bundles cover unlimited subdomains on a single level (for example, shop.example.com, mail.example.com, app.example.com). Wildcard certificates require DNS-based validation, which the agent handles automatically for supported DNS hosts.

Can I switch if I already have an SSL certificate from another provider?

Yes. The bundles include a new SSL certificate alongside the automation agent. If you currently hold a certificate from another provider, you can transition when your existing certificate comes up for renewal. Once configured, the agent manages all future renewals on its own.

Install an SSL Cert on Pulse Secure SSL VPN

Last updated on June 11th, 2026 by Denis Graur

This guide gives you step-by-step instructions on how to install an SSL certificate on Pulse Secure SSL VPN, now known as Ivanti Connect Secure.

A note on naming: Pulse Secure was acquired by Ivanti, and the VPN appliance was rebranded. Pulse Connect Secure is now Ivanti Connect Secure (ICS), and the desktop app you may have called Pulse Secure is now the Ivanti Secure Access Client. The admin console and the certificate workflow are the same, so these steps apply whether your appliance still shows the Pulse Secure branding or the newer Ivanti Connect Secure branding.

Generate a CSR code on Pulse Secure

If you have already generated the CSR code and received the SSL certificate by email, feel free to skip Part 1 and jump straight to the installation.

Creating a CSR (Certificate Signing Request) is part of the SSL certificate application process. The CSR is a block of encoded text that contains your contact details, the domain you want to secure, and the organization that owns it. When you generate the CSR, the appliance also creates your private key, which you will need later during installation.

You have two options:

Use our CSR Generator to create the CSR automatically.
Follow our step-by-step tutorial on how to generate a CSR in Pulse Secure.

Submit the CSR to your Certificate Authority during the order. Once the CA validates it and issues your certificate, continue with the installation below.

Install an SSL certificate on Pulse Secure

After the CA signs your certificate and sends the files to your inbox, download the ZIP archive and extract its contents on your computer. The exact steps below depend on where you generated the CSR, so follow the path that matches your situation.

If you generated the CSR on Pulse Secure

Log in to your Pulse Secure / Ivanti Connect Secure admin console.
Navigate to System > Configuration > Certificates > Device Certificates.
Under Certificate Signing Requests, click the Pending CSR link that corresponds to the certificate you want to install.
At the bottom of the new window, in the Import signed certificate section, click Browse and select the certificate you downloaded (in PKCS#7 or DER format).
Click Import.

Tip: after you import a certificate this way, save a copy of your system configuration. Go to Maintenance > Import/Export > Import/Export Configuration and click Save Config As to download the system.cfg file. This backup lets you restore the certificate and its private key if you ever need to.

If you did not generate the CSR on Pulse Secure

If you created the CSR elsewhere (for example, with our CSR Generator), you will import the certificate together with its private key:

From the status page of your certificate, click the View certificate button.
In the new window, select the desired certificate format (PKCS#7, for example) and download the certificate.
Navigate to System > Configuration > Certificates > Device Certificates and click Import Certificate & Key.
Choose how your files are packaged, then fill in the fields:
- Certificate file: the signed certificate you downloaded.
- Private key file: the key you generated with the CSR.
- Password: the key or PKCS#12 password, if your file is protected by one.
Click Import.

Note: if the certificate and key are combined in a single PKCS#12 file (.pfx or .p12), select that option on the import page and you only need to supply the one file plus its password.

Import your intermediate certificate

To present a complete chain that browsers and clients trust, import the intermediate (CA) certificates:

In the admin console, select System > Configuration > Certificates > Trusted Client CAs (on older builds this may be labeled Intermediate CAs).
Click Import CA Certificate and browse to your intermediate certificate file.
Click Import Certificate.
If you have more than one intermediate certificate, repeat the process for each. Installing them in descending order (root first, then each sub-CA) gives the most reliable chain.

Assign the certificate to your Virtual Ports

The final step is to bind your new certificate to the ports that serve VPN traffic, typically your internal and external ports:

In your list of device certificates, double-click the old certificate you are replacing.
Unbind it from any ports it is assigned to, then click Save Changes.
Back in the list, double-click the new certificate.
Select and add the relevant internal and external ports, then click Save Changes.

Congratulations, you have successfully installed your SSL certificate on Pulse Secure / Ivanti Connect Secure SSL VPN.

Test your SSL installation

After you install the certificate on Pulse Secure SSL VPN, run an SSL scan against your VPN’s public hostname to check for configuration errors or vulnerabilities. A scan will confirm that the certificate is served correctly and that the intermediate chain is complete. For more details, see our SSL Checker for testing an SSL certificate.

Where to buy the best SSL certificate for Pulse Secure?

SSL Dragon is a reputable SSL vendor with impeccable customer support. We’ve built strong partnerships with the best Certificate Authorities on the market to offer affordable prices across our entire range of SSL products. All our certificates are compatible with Pulse Secure / Ivanti Connect Secure SSL VPN.

Get an SSL certificate now

Frequently Asked Questions

Is Pulse Secure the same as Ivanti Connect Secure?

Yes. Ivanti acquired Pulse Secure and rebranded the products. The Pulse Connect Secure VPN appliance is now Ivanti Connect Secure, and the Pulse Secure desktop client is now the Ivanti Secure Access Client. The admin console and the certificate installation workflow are unchanged, so these instructions apply to both the Pulse-branded and Ivanti-branded versions.

Where do I import the SSL certificate on Pulse Secure?

Log in to the admin console and go to System > Configuration > Certificates > Device Certificates. If you created the CSR on the appliance, open the matching Pending CSR and import the signed certificate. If you created the CSR elsewhere, click Import Certificate & Key and upload the certificate and private key (or a single PKCS#12 file).

What certificate file format does Pulse Secure accept?

Pulse Secure / Ivanti Connect Secure accepts standard formats. When importing a signed certificate into a pending CSR, you can upload PKCS#7 or DER files. When importing a certificate with its key, you can supply separate certificate and key files or a combined PKCS#12 file (a .pfx or .p12), optionally protected by a password.

Do I need to import the intermediate certificate?

Yes. A missing intermediate (CA) certificate is the most common cause of “untrusted certificate” warnings on Pulse Secure / Ivanti Connect Secure. After importing your device certificate, add the intermediate certificate(s) under Certificates so the appliance presents a complete chain. If your CA provides several intermediates, import them in descending order.

How do I activate the new certificate on the VPN?

Importing a certificate does not switch it on by itself. You must bind it to your Virtual Ports. Double-click the old certificate and unbind it from its ports, then double-click the new certificate and assign your internal and external ports to it. Click Save Changes after each step.

Bottom line

Installing an SSL certificate on Pulse Secure (Ivanti Connect Secure) comes down to importing your certificate under System > Configuration > Certificates > Device Certificates, adding any intermediate certificates so the chain is complete, and binding the new certificate to your internal and external Virtual Ports.

Need a certificate first? Browse our SSL certificates.

Save 10% on SSL Certificates when ordering from SSL Dragon today!

Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10

Order Now

Written by Denis Graur

I've been building and managing websites for over 20 years, with a heavy focus on the technical side of the cybersecurity, VPN, and SaaS industries. I know how sites are built from the ground up, which means I know how to secure them. Here at SSL Dragon, I write about web architecture, encryption, and keeping your infrastructure safe.

How to Install an SSL Certificate on Pulse Secure SSL VPN