Articles in Root

Troubleshooting Qualified Certificate Installation


Sometimes, you may run into some issues with installing a Qualified Certificate. Below are some of the things to check if you run into any installation issues:


Root certificate not installed: If the Qualified Certificate will not install into your token, then check to see that the Root Certificate has been installed and trusted in the Windows Certificate Store on the client machine first and try to install your certificate again.


The link to obtain your Qualified Certificate shows a download page that contains the end entity certificate, intermediate and root certificates: This is not the correct page to install the certificate onto your token and usually happens when the provided link in the email isn't complete or is incorrectly copied. When this happens, Trust/Link will display its ‘Digital Certificate Holders’ portal which may not contain your Qualified Certificate installation.


Token is full or doesn’t do 2048 bit keysize: Check to make sure that your token has not reached its maximum certificate capacity. The SafeNet iKeys and eTokens can only hold so many certificates. Try to delete some of your older certificates off of the token and attempt the install again.


Token is not initialised: When you first receive your token, you should initialise it to wipe its contents and set a password to access any certificates on the token.


Using the incorrect browser: The only browser that Trust/Link currently supports for loading a Qualified Certificate onto a token is Internet Explorer (NOT Microsoft Edge). Other browsers do not support the cryptographic functions to load a certificate directly onto a token. Be careful with Microsoft Edge as many users will confuse this with Internet Explorer (as Edge is default on Windows 10).


Certificate has been installed onto token but is not picked up by Belgium signing tool: If this happens to you then you may need to downgrade your SafeNet Authentication Client to version 10.3. Please contact QuoVadis Support for a download Link.


Certificate is not showing in the personal store: If your certificate has installed correctly onto the token but is still not working, check to see if it shows up in the personal certificate store when the token is plugged in. If the certificate is seen in the ‘Other People’ store, check to see if it has a private key associated with it?  Check the serial number to make sure it’s the correct certificate.  You may need to log into the computer as the person who owns the certificate.


Signing XML files: QuoVadis issued Qualified Certificate that are installed onto tokens can be used for signing using the European DSS tool.  To see how to do this, please view the document found at