Step 1: Export your certificate as, or convert it to, a pkcs12 format. If you need to do the latter, try:
openssl pkcs12 -export -out <pfx filename> -inkey <private key file> -in <public certificate file> -certfile <CA certificate bundle or intermediate certificate file used to sign your actual certificate>
Then you need to put it in base64 format to paste it in on the ASA CLI – copy/paste the entire next line including parentheses to do it:
( echo -----BEGIN PKCS12-----; openssl base64 -in <pfx file> ; echo -----END PKCS12-----; ) > <base64 file>
Step 2: Create a trustpoint on the ASA and import the certificate:
crypto ca trustpoint <trustpoint name>
enrollment terminal
fqdn <your anyconnect hostname here>
exit
crypto ca import <trustpoint name> pkcs12 <export password>