Cisco VPN Error 31 Certificate Won't Install


A certificate is a data file issued by a certification authority (local or remote) to an individual or organization to identify them for online services purposes. On a network, the need to identify the user is always paramount. To overcome that problem an organization may apply for a certificate of authentication. The certification authority (CA) will keep one part of the certificate on hand and release another part to the organization. When it comes time to authenticate a person's identity, the organization requests a certificate from the CA. If the two parts match, then they have authenticated the user. According to Cisco, error 31 describes a certificate associated with a virtual private network (VPN) and this certificate no longer exists.

  • Click the "Start" icon in the lower left of the screen, select "Programs" and click "Cisco Systems Inc VPN client" followed by "Certificate Manager." This launches the VPN Client Certificate Manager program in order to get a new certificate.

  • Click the "Personal Certificates" tab. Enter the password you intend to use to protect the certificate. For the enrollment type, select "File." This will prompt you for a file name; type "Client1.req."

  • Choose the "Base 64 encoded" radio button for the type of enrollment file. Fill out the enrollment form, and click "Next" and "Finish" when the enrollment form is complete. This will put you back in the VPN Client Certificate Manager.

  • Select the "Enrollment Requests" tab. Call up the CA server and select "Request a certificate" and "Advanced request." Now select the radio button, "Submit a certificate request using a base64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS #7 file." Click "Next" where the VPN client certificate request information appears.

  • Highlight the VPN client request file, press "Ctrl" + "C" to copy it and paste it to the CA server under Saved Request. Then click "Submit."

  • Go to the CA server, select "Pending requests," then select "All tasks" and "Issue." This produces the root and identity certificates. Download them to the VPN client; select the radio button "Check on a pending certificate." Follow that with "Base 64 encoded." Now you can download the CA certificate from the CA server. Save the file; type "client-certificate." The file type is security certificate.

  • Choose the root certificate file to download from the "Retrieve the CA Certificate or Certificate Revocation List" page. Type "client-root-certificate" and click "Save." Note: A client certificate authenticates a network client; the CA signs it. On the other hand, a root certificate is either an unsigned public key certificate or a self-signed certificate that identifies the Root Certificate Authority. In other words, the client certificate identifies the client; the root certificate identifies the CA.

  • Select "Certificate Manager," select "CA Certificate," then select "Import" and type or select the "client-root-certificate." This imports the root certificate.

  • Select "Certificate Manager," then "Personal Certificates" followed by "Import." This imports the client certificate. Now both the root and client certificates are on the system. Error 31 will not appear any longer.

Related Searches


  • Photo Credit Security and antivirus vector icons image by Aleksandr Lukin from
Promoted By Zergnet


You May Also Like

Related Searches

Check It Out

Geek Vs Geek: Robot battles, hoverboard drag race, and more

Is DIY in your DNA? Become part of our maker community.
Submit Your Work!