Cisco VPN Error 31 Certificate Won't Install

Written by george garza
  • Share
  • Tweet
  • Share
  • Pin
  • Email
Cisco VPN Error 31 Certificate Won't Install
Authentication through client and root certificates is possible. (Security and antivirus vector icons image by Aleksandr Lukin from

A certificate is a data file issued by a certification authority (local or remote) to an individual or organisation to identify them for online services purposes. On a network, the need to identify the user is always paramount. To overcome that problem an organisation may apply for a certificate of authentication. The certification authority (CA) will keep one part of the certificate on hand and release another part to the organisation. When it comes time to authenticate a person's identity, the organisation requests a certificate from the CA. If the two parts match, then they have authenticated the user. According to Cisco, error 31 describes a certificate associated with a virtual private network (VPN) and this certificate no longer exists.

Skill level:

Other People Are Reading


  1. 1

    Click the "Start" icon in the lower left of the screen, select "Programs" and click "Cisco Systems Inc VPN client" followed by "Certificate Manager." This launches the VPN Client Certificate Manager program in order to get a new certificate.

  2. 2

    Click the "Personal Certificates" tab. Enter the password you intend to use to protect the certificate. For the enrolment type, select "File." This will prompt you for a file name; type "Client1.req."

  3. 3

    Choose the "Base 64 encoded" radio button for the type of enrolment file. Fill out the enrolment form, and click "Next" and "Finish" when the enrolment form is complete. This will put you back in the VPN Client Certificate Manager.

  4. 4

    Select the "Enrollment Requests" tab. Call up the CA server and select "Request a certificate" and "Advanced request." Now select the radio button, "Submit a certificate request using a base 64 encoded PKCS #10 file or a renewal request using a base 64 encoded PKCS #7 file." Click "Next" where the VPN client certificate request information appears.

  5. 5

    Highlight the VPN client request file, press "Ctrl" + "C" to copy it and paste it to the CA server under Saved Request. Then click "Submit."

  6. 6

    Go to the CA server, select "Pending requests," then select "All tasks" and "Issue." This produces the root and identity certificates. Download them to the VPN client; select the radio button "Check on a pending certificate." Follow that with "Base 64 encoded." Now you can download the CA certificate from the CA server. Save the file; type "client-certificate." The file type is security certificate.

  7. 7

    Choose the root certificate file to download from the "Retrieve the CA Certificate or Certificate Revocation List" page. Type "client-root-certificate" and click "Save." Note: A client certificate authenticates a network client; the CA signs it. On the other hand, a root certificate is either an unsigned public key certificate or a self-signed certificate that identifies the Root Certificate Authority. In other words, the client certificate identifies the client; the root certificate identifies the CA.

  8. 8

    Select "Certificate Manager," select "CA Certificate," then select "Import" and type or select the "client-root-certificate." This imports the root certificate.

  9. 9

    Select "Certificate Manager," then "Personal Certificates" followed by "Import." This imports the client certificate. Now both the root and client certificates are on the system. Error 31 will not appear any longer.

Don't Miss

  • All types
  • Articles
  • Slideshows
  • Videos
  • Most relevant
  • Most popular
  • Most recent

No articles available

No slideshows available

No videos available

By using the site, you consent to the use of cookies. For more information, please see our Cookie policy.