Knowledge Base

Scenario

The token uses various passwords for authentication. If an Administrator Password or PUK is entered incorrectly 5 times, the eToken locks permanently. 

Solution

Before you begin:

• Get your DigiCert provided 5110 CC eToken
• Install the SafeNet Authentication Drivers
• Get a copy of your  eToken’s Administrator Password, available in CertCentral on your code signing certificate order page.
• Get a secure password manager.

Important: This process will require various password and incorrectly entering a password or losing a password can permanently disable your eToken. We recommend using a secure password manager to track the passwords used for initializing your eToken. 

Passwords 101

The 5110-CC uses the following passwords:

• Administrator Password: Used to manage the eToken. If lost, you are permanently locked out of the eToken and you must purchase a new one. This password is default on the device and ships as 48 "0"s (000000000000000000000000000000000000000000000000). 
  
  
• Token Password: Used to access the eToken certificate store. If lost, you can reset the eToken and install a new certificate. The shipped Token password is provided in the CertCentral portal and should be changed once the token is received. If the token was recently re-initialized and has an empty keystore, the default password is 1234567890.
  
  
• Personal Unlocking Key (PUK): Not used by DigiCert. Default PUK is 000000.
  
  

Warning: The eToken uses various passwords for authentication. If an Administrator Password or PUK is entered incorrectly 5 times, the eToken is permanently locked. 

Process:

1. Open the SafeNet Authentication Client, connect the eToken to your computer, and confirm that the client recognizes the eToken.
   Note: What do I do if it doesn’t recognize my eToken? 
   
   
   
   
2. On the top right click the cog icon (Configuration button). You should now see the eToken listed on the left side.
   
   
3. Right click on the eToken name and click “Initialize Token”.
    
   
   
   
4. In the Initialize Token – Initializing Options window, select “Preserve the token settings and policies" and click Next. 
   
   
   
   
5. In the Initialize Token – Administrator Logon window, enter the current Administrator Password (screenshot shown on step 6.)
   
   Note: The Default Administrator password is "0" typed out 48 times (see above). This is not changed by DigiCert. 
   
   
6. Check Use factory default digital signature PUK and enter 000000 and click Next.
   
   Note: The default PUK is 000000. 
   
   
   
   
7. In the Initialize Token – Password Settings window, create new passwords.
   • Create Token Password.
     Enter and confirm a new token password. This password is used to access the token certificate store.
     
     Note: If you lose this password, you can use the administrator password to reset the token and install a new certificate.
     
     
   • Uncheck Token password must be changed on first logon.
     
   • Create an Administrator Password. 
     Create and confirm a new administrator password. This password is used to manage the eToken. We recommend that you use the default password.
     This will not grant access to the certificate store. 
     Note: If you lose this password, new certificates may not be imported. You must purchase a new token.
     
   • Click Next. 
     
     
     
     
8. Save your passwords in a secure place, such as a password manager.
   
   
9. In the Initialize Token – IDPrime Common Criteria Settings window, create a new PIN and PUK for your token.
   These are not used typically although they can be used in place of the token and administrator passwords.
   
   Warning: Entering an incorrect PUK 5 times makes the token unusable and you will need to purchase a new one.
   
   
   • Click Next.
     
   • Save your PIN and PUK in a secure place, such as a password manager. 
     
     
     
     
10. Your eToken is initialized. You may now use the DigiCert Hardware Certificate Installer to install your code signing certificate on it. You can also import certificates as needed. 
    
    





Troubleshooting


Token appears as “SafeNet Token JC 0”
The token has been permanently disabled due to incorrect password attempts. Please contact our support team if you need to order a new eToken. 




Lost your Administrator password?
The administrator password is required to reset the device and is unrecoverable. Please contact our support team if you need to order a new eToken. The default password can be found above. 

Lost your Token password?
The Token password is used to access the eToken certificate store. If lost, you can reset the eToken if you have the administrator password by following this guide and then using the DigiCert Certificate Hardware Installer.