Deploy it in a Configuration Profile. Add the "Certificate" payload into the profile, and you'll have an option to select the certificate (.cer or otherwise) from your device and add it to the profile. Set any of the other options in the payload you need to. It can then be scoped and pushed to any Macs you want.

Just keep in mind if the profile becomes removed from the Mac, the certificate will get removed as well. It's not the same as if it got installed manually or via a script, but I don't recommend going the scripted way anymore. Pushing it in a profile is easy, nearly instantaneous and sets the trust for the certificate properly.

We recently moved away from Cisco AnyConnect and its family of products. Thank god. I always found Ciscos documentation to be miserable and not maintained, and their support to be lacking. Which is egregious for the size of company Cisco is.

In any event, to deploy any certificate to macOS you would use a Configuration Profile.

Thanks, guys, for the help. I was able to deploy the cert using a configuration profile but somehow, i am not able to redeploy it if the cert has been deleted from the machine. I have tried both smart group and manual device add but if the cert is deleted, it does not redeploy. The distribution method is set as install automatically.

To redeploy a cert that was deployed from a profile if it was deleted, you need to remove the Mac from the scope of the profile and then re-add it. Easiest way to do this is to add the Mac to the Exclusion tab in the scope section, save, then, remove it from the exclusion and save again. In between these steps you might need to wait until the Mac has successfully removed the profile before removing it from the exclusion section. 

The other option is to repush it to all devices in scope. That would send the profile out again to all machines, even if they already have it.