These instructions cover the process for setting up your DigiCert Code Signing certificate on an existing SafeNet eToken. There are two certificate delivery methods that necessitate this installation process:

  • Token + Shipping delivery method - DigiCert will send you your blank USB eToken in the mail.
  • Existing Token delivery method - you already own a compliant SafeNet eToken (e.g. from a previous order)

Please note that any old certificates already installed on your SafeNet eToken will be deleted during this installation process. You should not install a new certificate on an existing eToken that contains a certificate that you intend to continue using. 


  • You have received or are in possession of your SafeNet eToken
  • You have administrator permissions on your computer
  • You have a secure password manager

You may have received instructions which direct you to access a DigiCert CertCentral account for your eToken password. If you purchased your code signing certificate from a DigiCert partner like us, you do not have a DigiCert account and will not need access to CertCentral to be able to use your certificate. You can obtain the necessary software drivers and token password from your account with us.

USB Token Setup

When you are ready to install your code signing certificate on the SafeNet eToken, you should first navigate to your order dashboard and click the USB Token Setup button to access the installation instructions.

If you have not yet received your SafeNet eToken in the mail, you can access the shipment tracker from the USB Token Setup page.

1. Confirm Delivery

The first page of the Code Signing eToken setup instructions advises that you must be in possession of your eToken before you continue. As long as you have the SafeNet eToken on hand, you can click Next. 

If you have not yet received the USB token, you can access the shipping tracker link here.

2. Download Applications

The Code Signing eToken installation requires two software downloads:

  1. SafeNet Authentication Client
  2. DigiCert Hardware Certificate Installer

Download both of these files on this page. When you are ready to proceed, check the box next to "I'm ready to install my certificate" and click Next.

3. Retrieve Initialization Code

Follow the steps outlined on this page. Here is where you can Retrieve the Initialization Code for the certificate, which must be entered during the first step of the DigiCert Hardware Certificate Installer process. Please make sure to copy and save this initialization code as it will only appear once. You should remain on this page when you run the DigiCert Hardware Certificate Installer.

4. Plugin eToken and Run DigiCert Hardware Certificate Installer

If you have not already plugged in the eToken to your PC, go ahead and plug it in when you run the Hardware Certificate Installer. 

The Certificate Installer software will immediately request your initialization code, so paste the code here and click Next.

5. Token Detection

The Token Detection page should confirm that your SafeNet eToken is plugged in. 

Check Re-initialize my token and permanently delete any existing certificates and keys and click Next.

6. Key Information

On the Key information page, make the appropriate selection. The standard options should be chosen unless you have specifically requested something other than RSA 4096.

RSA - standard

  1. Under Key Type, select RSA.
  2. Under Key Size/Curve Name, select 4096.

ECC Key Types - if requested

  1. Under Key Type, select ECC
  2. Under Key Size/Curve Name, select p-256 or p-384.

7. Token Setup

On the Token Setup page, do the following tasks:

  1. Add a Token Name.
    1. The token name is used to identify the eToken. This name is helpful when you have multiple eTokens.
  2. Create a Token Password.
    1. This password (sometimes called a token PIN) is required to access the certificates saved on the eToken. 
    2. Make sure to save this password in your password manager!

8. Administrator Password

You have the option to change the Administrator Password for the token in the SafeNet client.

We do not recommend changing the default administrator password, as the token will be permanently locked if that password is lost.

On the Administrator Password page, do one of the following tasks:

  1. If you have NOT changed the Administrator Password since receiving your eToken, leave Use factory default Administrator password checked and select Finish.
  2. If you have set a new Administrator Password in SafeNet, uncheck Use factory default Administrator password, enter the current Administrator Password, and select Finish.

9. Wait for Certificate Installation

Please be patient as the certificate installation process continues. Some of the steps may take several minutes to complete. Wait to remove the eToken until the whole process is completed. 

The steps will eventually all get checked off. When the installer confirms the installation was successful, you can close the software.

10. Check Token in SafeNet

Open the SafeNet Authentication client. You should see your token registered under the name you entered during the initialization process. 

To finish up the process, on the instructions website, check the box to confirm "I installed the certificate successfully & saved my password" and click Finish.

You are now ready to begin code signing!