Solution

Learn how to set up and install a certificate on your eToken.

Before you begin

Before you begin, make sure you meet these prerequisites:

• DigiCert provided eToken: SafeNet 5110 CC or SafeNet 5110 FIPS
• Access to your certificate's Order details page in CertCentral.  
• Administrator permissions on your computer. 
• Secure password manager. 

Important: This process will require you to supply multiple passwords. If you incorrectly enter a password or lose a password, you can permanently disable your eToken. We recommend using a secure password manager to track the passwords used for initializing your eToken.  

Passwords 101 

The SafeNet eToken uses the following passwords: 

• Administrator Password: The default Administrator Password is “0” 48 times as provided by the manufacturer. If lost, you are permanently locked out of the eToken and you must purchase a new one. DigiCert does not set up this password.
• Token Password: Used to access the eToken certificate store. If lost, you can reset the eToken and reinstall the certificate. 

• Personal Unlocking Key (PUK): Default PUK is 000000. DigiCert does not use the PUK in our process.

Warning: The SafeNet eToken uses multiple passwords for authentication. If an Administrator Password is entered incorrectly five times, the eToken is permanently locked.  

Initialize your eToken 

1. Log in to your CertCentral account and access the certificate's Order details page.
   In the sidebar menu, go to Certificates > Orders. On the Orders page, click the certificate's Order #.
2. On the Order details page, in the Certificate Actions dropdown, select Initialize Token. 
   
   
   
3. On the Initialization page, check your tracking information.
   Only after you have physically received your DigiCert provided eToken should you check I have received the hardware token and click on Submit to confirm.
   
   
   
4. Copy your preassigned Token password and store it in a safe place.
   Warning: Your preassigned password will only be visible once. Make sure to take note of this password so you can access the certificate on your eToken. 
   
   
   
   
   
5. On the confirmation page, click the link to download the SafeNet Drivers.
6. Now you are ready to install the SafeNet Drivers.
   To learn how to install the needed drivers, see our Install the SafeNet Drivers instructions.
   

Change the Token Password

Remember this is the password used to access the eToken certificate store.

1. Open the SafeNet Authentication Client, connect the eToken to your computer.
2. On the top of the page, right click the cog icon (Configuration button).
   You should now see the eToken listed on the left of the page. 
3. Right click on the token name and select Change Password. 
   
   
   
4. Enter your Current Token Password (from the Initialization page) and enter in a new password.
   Note the complex requirements.
   
   
   
5. Save the Token password in your Password Manager. 
6. Click OK.
   You can now use the eToken to sign code.

Reissue your Certificate (Lost Token Password)

If you have lost your Token Password, you can reinitialize the eToken and create a new Token store and new certificate.

Reissue certificate

Before you can reinitialize your Token Password, you must reissue your certificate.

• Reissue or re-key an EV Code Signing certificate
  
• Rekeying Your DigiCert Document Signing Certificate

Re-initialize eToken

1. Log in to your CertCentral account and access the certificate's Order details page.
   1. In the sidebar menu, go to Certificates > Orders. On the Orders page, click the certificate's Order #.
2. On the Order details page, in the Certificate Actions dropdown, select Install Token. 
   
   
   
3. Click the URL and download the DigiCert Hardware Certificate and unzip the file. 
4. Copy the initialization code from your order page and open the DigiCert Hardware Certificate Installer.
   
   
   
5. Paste in the initialization code and click Next. 
6. Connect your token. Select the option to Re-initialize your eToken. 
   1. If you are installing an alternate chain or key type and wish to keep your current certificate intact, leave the Re-initialize option unchecked.  
      
      
      
7.  Select your key type/chain and click Next.
   1. Token support: See our Code signing changes 2021 KB article.  
      
      
      
8. Enter in a Token Name, a new Token Password, and click Next.  
   
   
   
9. IMPORTANT TO READ THIS:  
   1. If you have NOT changed the Administrator Password since receiving your token, leave the box checked and click Finish. 
   2. If you have set a new Admin Password (this is done outside of DigiCert Support through the SafeNet client), uncheck the box and enter in the current Administrator Password and click Finish. 
      
      
      
10. Wait.
    1. When generating an RSA 4096 key there will be a delay. Be patient and let the process complete.
       
       
       
11. When the process has completed, click Close.
    
    
    
12. You can now use your eToken to sign code. 

Troubleshooting 

Token appears as “SafeNet Token JC 0” 
Your eToken has been permanently disabled due to incorrect password attempts. Please contact our support team to order a new eToken.  
  

Lost your Administrator password?  
The administrator password is required to reset the device and is unrecoverable. Please contact our support team to order a new eToken. 

Note: The manufacturer sets this password, not DigiCert.

Lost your Token password? 
The Token password is used to access the eToken certificate store. If lost, you can reset the eToken. If you have the Administrator Password, see the Lost Token instructions above.