Greg's Tech blog

Cisco VPN Client problem

Monday 11 of May, 2009

My company uses Cisco VPN 5.x and Alladin eTokens for 2 factor authentication.
I was getting this error trying to use my token for vpn:
Error 32: unable to verify certificate.

Turning up logging in the VPN client dug up some more detail that said “Cert chain missing”

So I opened the certificate manager in IE (tools, Internet options, Content, Certificates). It listed my certificate in there under Personal.
I viewed the cert and it was listed as invalid.
Under Certification Path it showed the cert chain was failing for the Root CA.
There was, conveniently, an Import button. I pressed it and voila, the Root CA cert was imported.

I was then able to successfully login using the token.

(Note: If it matters, we have an Enterprise Root CA and an Intermediate CA in our network. All certs are issues from the intermediate)