SafeNet eTokens for CodeSigning are reinforced with a few security measures that are meant to prevent certificate misuse and abuse. That means that it is possible through user error to lock yourself out of your code signing token, or to delete the certificate and key, rendering it unusable.
If you do get locked out of your token or delete the certificate, there is a very high chance that your only option will be to replace the token entirely. We cannot guarantee the replacement will be free of charge.
Please be aware of these common errors that can break your code signing token, and take great care when using the certificate to avoid locking it up for good.
Using the SafeNet User Guide
The SafeNet User Guide may be useful in managing your token in some cases, but it also includes instructions for operations that may result in locking the token or deleting the certificate.
You may follow the SafeNet User Guide instructions for these operations:
- Selecting the Active Token
- Viewing and Copying Token Information
- Logging On to the Token as a User
- Changing the Token Password
Do NOT attempt the following operations under any circumstances:
- Deleting Token Content
- Importing a Certificate to a Token
- Exporting a Certificate from a Token
- Clearing a Default Certificate
- Deleting a Certificate
- Logging On to the Token as an Administrator
- Changing the Administrator Password
- Unlocking a Token by the Challenge-Response Method
- Setting a Token Password by an Administrator
Please contact Sectigo technical support immediately if you are forced to enter an administrator password or challenge-response code for your code signing certificate. Our support team is not able to troubleshoot these issues.
Chat or make a case with Sectigo technical support here: https://www.sectigo.com/support
Token Password vs. Administrator Password
There are two different passwords set on your code signing token. The Token Password is used to logon to the token as a user, and is initially provided in an email to the certificate administrator. This password may be changed by the user, so it is recommended to use a password manager or keep track of the password however you prefer so that it does not get lost.
The Administrator Password is set by the Certificate Authority when the certificate is installed on the token. The Administrator Password is unique to the CA, and is never shared with the end-user, so you will not find this password listed online or in any user guides (although you may find other administrator passwords that are not correct for your token).
Please do not attempt to enter any administrator password or make any changes to the administrator password, as this will lock your token. Only Sectigo technical support can assist with the administrator password.
Token Password Attempts
You have a limited number of attempts to enter your token password before the token will be locked. Both the maximum number of tries and the number of tries remaining are displayed in your token details. Please watch out for how many tries you have left so you don't accidentally lock the token.
To reset the number of attempts, you must re-log on to the token. We recommend safely removing the token from your PC and plugging it in again. However, it may be safer to make a case with Sectigo technical support for assistance if you have lost the token password.