Menu

Initialize Safenet 5110 CC (940) eToken

Jun 13, 2025

IMPORTANT: This article walks you through the process of initializing the SafeNet 5110 CC (940) eToken for your Qualified Certificate. If you are using the earlier version of the SafeNet eToken, which commonly supports AATL Certificates, please refer to this guide instead.

Get Started

  • The initialization process is a requirement when:

    • Setting up the SafeNet Token for the first time. 
    • Setting up a new password for locked eToken or forgotten Token Password​​​​​​.

    WARNING: The SafeNet eToken requires multiple passwords for authentication. If the Administrator Password is lost, forgotten or entered incorrectly several times, the eToken will be permanently locked. See Password Specification guide for more information. 

  • Initializing your eToken will delete all certificates currently installed on the token. If you have existing certificates on the eToken, they will be removed permanently and you will have to reissue and install again. 

Prerequisites

  1. GlobalSign-provided USB Token. This is mailed upon ordering GlobalSign's Document, Email or Code Signing Certificate.

  2. Downloaded and installed SafeNet Authentication Client in your operating system. This tool is required to initialize your SafeNet USB token. 
    Note: The new Safenet eToken 5110 CC (940) requires v10.8-R8 or higher. 

Guidelines

  1. Insert your SafeNet USB token into your computer.

  2. Open the SafeNet Authentication Client Tools
  3. Click the Gear icon on the top right for Advanced View. This will redirect you to the next window. 

  4. Right-click on your token name and select Initialize Token.

  5. In the Initialize Token - Initialization Options window, choose Configure all initialization settings and policies. Then, click Next to proceed.

  6. In the Initialize Token - Administrator Logon window, do one of the following actions:

    • If you are initializing your token for the first time, tick the Use factory default administrator password box and the Use factory default digital signature PUK box.

    IMPORTANT: The default Administrator Password is "0" entered forty-eight (48) times and the default Digital Signature PUK is "000000"

    • If you have previously changed the Administrator password, enter the current password.

    Then, click Next

  7. In the Initialize Token - Password Settings window, create a new password for your token.

    Create a new Token Password. This password is required to access the token certificate store. Note: It is recommended to be updated.
    • If you DO NOT want to make any changes with the current token password next time you access the token, untick the Token password must be changed on first logon box. 

    Create a new Administrator Password. This password is used to manage the token. Note: It is possible, but not required to be updated.
    • If you DO NOT want to make any changes with the current administrator password, tick the Keep the current administrator password box. Otherwise, untick and enter a new password. 

    IMPORTANT: For first time users, it is strongly recommended to update the default token password to a private password for utmost security. It can be retrieved using the Administrator Password. Meanwhile, the default Administrator Password is recommended to be used instead of updating it as this will not give access to the certificate store. If lost, forgotten or entered incorrectly several times, the eToken will be permanently locked. For users who previously created their own password, it is recommended to be kept in a secure password manager for easier tracking. 

    Enter and confirm your new password. Then, click Next.

  8. On the Initialize Token - IDPrime Common Criteria Settings window, create a new PIN and PUK for your token. These passwords are not commonly used, but serves an extra layer of internal authentication method. 

    WARNING: If the PUK or PIN is lost, forgotten or entered incorrectly five times, the eToken will be permanently locked. 


    Then, click Finish to complete the process.

  9. Click OK to acknowledge that all current token contents will be deleted. This will start the initialization process. 

    WARNING: The token must remain plugged in until the initialization process is complete. Removing the token during the operation will damage it.

  10. Click OK to complete the process.

  11. Your Safenet eToken is initialized. It is now ready to have a Certificate installed. 

Related Articles

Generate a CSR - Internet Information Services (IIS) 5 & 6

Sep 17, 2013, 7:43 AM

Article Purpose: This article provides step-by-step instructions for generating a Certificate Signing Request (CSR) in Internet Information Services (IIS) 5 &6. If this is not the solution you are looking for, please search for your solution in the search bar above.

Read More

Install Certificate - F5 FirePass

Sep 6, 2013, 6:23 AM

Article Purpose: This article provides step-by-step instructions for installing your certificate in F5 FirePass. If this is not the solution you are looking for, please search for your solution in the search bar above.

Read More

Certificate Signing Request (CSR) Confirmation

Aug 26, 2013, 12:51 PM

The GlobalSign Certificate Center will use the information you have provided via your CSR and the information you will provide during the next part of the application process to build the full Subject information within your SSL certificate

Read More

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support