Jun 24, 2025
OVERVIEW: This page walks you through the process of downloading and installing your GlobalSign Qualified Certificate for Electronic Signature and/or Electronic Seal. At the completion of this procedure, your Certificate will be ready to place signatures on documents or transactions. |
During the ordering process, you were given an option to choose the key generation method you prefer for your Qualified certificate. Based on your selection, install your GlobalSign Qualified Certificate with the following guidelines:
IMPORTANT: GlobalSign-provided eToken is mailed to you upon ordering GlobalSign's Qualified Certificate for Electronic Seal and/or Electronic Signature. For Qualified Certificates, the correct Qualified Signature Creation Device (QSCD) which is the SafeNet eToken 5110 cc should be used. Ensure that you have your eToken handy before proceeding with the process. This implementation has two key generation methods: Enrollment with Fortify and Download using Internet Explorer (IE) Compatibility Mode. |
IMPORTANT: If you selected the Enrollment with Fortify as key generation method during the ordering process, proceed with install your certificate using Fortify. Otherwise, you need to cancel your current order and reorder to change your selection. |
Approved and vetted GlobalSign Qualified Certificate.
GlobalSign-provided SafeNet eToken. Depending on your need, do the following actions:
For New Orders
• Download and install SafeNet Authentication Client drivers.
• Initialize SafeNet eToken. This is a requirement when setting up the SafeNet eToken for the first time.
For Renewals and Reissues
• You may still use compatible and existing SafeNet eTokens as long as it meets the required supported key size.
IMPORTANT: If the supported key size of your current token is not compatible with Qualified Certificate, request for a new token during the renewal/reissuing process. |
• If your eToken is still compatible and you do not want to make any changes with your current token password, initializing your eToken is not required. You may proceed with the guidelines.
WARNING: Initializing your eToken will delete all certificates currently installed there and they will have to be reissued and installed again. |
For Certificate pickup, you must have access to a Windows PC to proceed. Once the Certificate is installed and stored in the removable device, you may sign from other platforms such as OS X. You are also required to open the pickup link in Microsoft Edge with IE Compatibility Mode enabled, then continue with the guidelines.
Open the pickup link from your e-mail in Microsoft Edge with IE Compatibility Mode enabled.
Enter the Temporary Pickup Password that was set at the time of ordering and click Next to continue.
In the Web Access Confirmation prompt, click Yes to allow digital certificate operations.
In the Install Certificate window, choose one from the Cryptographic Service Provider drop-down options:
• If you want to install the GlobalSign-provider SafeNet eToken, select eToken Base Cryptographic Provider
• If you want to install a private-owned smart card, select Microsoft Base Smart Card Crypto Provider
Then, tick the box to agree to the subscriber agreement and click Next.
Insert your SafeNet USB token into your computer.
WARNING: The screen may appear to freeze for a minute or two. DO NOT press any button on your browser until the process is complete as it will interrupt the progress. There should be a blinking light from your eToken and a message in the screen reminding to wait for a while. |
IMPORTANT: For Reissues, if you wish to use your existing SafeNet eToken and you do not want to make any changes with your current token password, initializing your eToken is not required. However, you will need to remove the expired certificate in the token to use the new certificate. Ensure that you have installed the new certificate correctly before removing the old one. Then, follow the same process. |
IMPORTANT: If you selected the Download using Internet Explorer (IE) Compatibility Mode as key generation method during the ordering process, proceed with install certificate using Microsoft Edge in IE Compatibility Mode. Otherwise, you need to cancel your current order and reorder to change your selection. |
Approved and vetted GlobalSign Qualified Certificate.
GlobalSign-provided SafeNet eToken. See eToken related prerequisites above.
Downloaded and installed Fortify App in your operating system. Ensure that you meet the following system requirements:
• Browsers supported by Fortify: Microsoft Edge, Safari, Firefox and Chrome
• OS supported by Fortify: MAC OS 10.12 or higher, Windows 7 or higher, and Ubuntu 16.04 or higher
For Certificate pickup, you must have access to a Windows PC to proceed. Once the Certificate is installed and stored in the removable device, you may sign from other platforms such as OS X.
A pop-up window for the authorization of code will appear on the Access Permission and on Fortify Authorization. If the both codes matched, click Approve to continue.
In the Create Certificate Request or Self-Signed Certificate window, review the DN or Certificate Identity Detail Information. Then, click Create to continue. Note: If you haven't yet, make sure that your eToken is plugged in to your computer at this point.
A pop-up window will appear, then enter the token password. Note: Please wait for a while as it will take a few seconds to process.
On the Install Certificate window, under Select Provider, select the token that you setup (as a prerequisite). Then, click Start to proceed.
IMPORTANT: For Reissues, if you wish to use your existing SafeNet eToken and you do not want to make any changes with your current token password, initializing your eToken is not required. However, you will need to remove the expired certificate in the token to use the new certificate. Ensure that you have installed the new certificate correctly before removing the old one. Then, follow the same process. |
Check your certificate installation for SSL issues and vulnerabilities.