Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Client 3.6(3) using digital certificate provided by MS Certificate Server

Hello everyone,

I try to establish an IPSec tunnel between a VPN 3000 Concentrator and a Cisco VPN client 3.6(3) using digital certificates.

I use Microsoft Certificate Server (W2K) to deliver root certificates and identity certificates.

I have installed the CA certificate and the Identity certificate on the VPN Concentrator without encountering any problems.

I have installed the CA certificate on the VPN Client. And the root certificate is valid.

But when I install the personal certificate I have an error message saying : "Certificate signature is not valid" when I verify the validity of the certificate (by clicking on the verify button).

I found the explanation of that message . It says that I don't have the CA certificate or that the CA certificate that I have may be expired.

I have checked the validity of the CA certificate and it is OK.

So, I don't understand why I have that kind of message.

I tried with another version of the Cisco VPN Client , a 3.5(1) version. But I still have the same problem.

Have you already encountered that problem ?

Thank you for your help,

Best Regards,



Re: Client 3.6(3) using digital certificate provided by MS Certi

Hi Latifa,

As pointed out by you, the message "Certificate signature is not valid" indicates that there is no CA certificate or the certificate has expired. Since you already checked the validity of your cert, I think it might be best to have new certificates issued, if that is possible. Short of that, you could recheck to confirm if the personal certificte has been saved in the Cisco store.

CreatePlease to create content