Initialize SafeNet eToken
Jun 24, 2026
Initialize SafeNet eToken
OVERVIEW: This page walks you through the process of initializing SafeNet eToken. At the completion of this procedure, you will be able to have your certificate stored in the USB eToken. For more SafeNet eToken management guides, please refer to this page↗.
Get Started
-
The initialization process is a requirement when:
• Setting up the SafeNet Token for the first time.
• Resetting the etoken to set up a new password for locked etoken or forgotten passwords. -
Reinitializing your eToken will delete all certificates currently installed on the token. If you have existing certificates on the eToken, they will be removed permanently and will have to be reissued and installed again.
-
GlobalSign provides one free token to new customers and offers free replacements if the token becomes unsupported or faulty. For additional token, you can buy directly from GlobalSign or from another vendor, provided the token is compatible with GlobalSign requirements. GlobalSign support the following token models from Thales:
• Safenet eToken 5110 (For AATL Only)
• Safenet eToken 5110+ CC (940)
• Safenet eToken 5110+ CC (940B)
• Safenet eToken 5110+ CC (940C)
WARNING: GlobalSign verifies token compatibility during installation. If an unsupported token is used, an error message will appear, and the certificate will not install. If a token is lost, blocked, or otherwise unusable due to customer actions, a replacement must be purchased. To proceed with purchasing a new etoken, please contact your Account Manager. If you don't have an account manage, reach out to our support team↗ for assistance.
Launch Interactive Demo
Prerequisites
- GlobalSign-provided USB eToken. This is mailed upon ordering GlobalSign's Document, Email or Code Signing Certificate↗.
- Downloaded and installed SafeNet Authentication Client↗ in your operating system. This tool is required to initialize your SafeNet USB token.
-
Prepare passwords for the following:
• Administrator Password. This password is used to manage the token. It can be updated, but not required.
• Token Password. This password is required to access the token certificate store. It is recommended to be updated.
• PUK or PIN. These passwords are not commonly used, but serves an extra layer of internal authentication method. This is required.
See Password Specifications and Requirements↗ to learn more about these passwords.
IMPORTANT: If the token password is lost, forgotten or entered incorrectly several times, it can be retrieved by initializing the eToken using the administrator password. If the Administrator password is lost, forgotten or entered incorrectly several times, the eToken will be permanently locked. Keep passwords in a secure password manager for easier tracking.
Guidelines
The following guidelines is for initializing the earlier version of the SafeNet eToken (SafeNet eToken 5110) which commonly supports AATL Certificates only. This cannot be used in Code Signing and Qualified Certificates. If you are using the most recent version — SafeNet eToken 5110+ CC (940) version, please refer to the other tab.
-
Insert your SafeNet USB token into your computer, then open the SafeNet Authentication Client Tools.
-
Click the Gear icon on the top right to open the Advanced View.
-
From the Advanced View, right-click on the token name. NOTE: For first time users, the default name is usually My Token.
-
Click Initialize Token.
-
In the Initialize Token - Initialization Options window, choose Configure all initialization settings and policies, and then click Next to proceed.
-
In the Initialize Token - Password Settings window, follow the steps:
IMPORTANT: If the Token password is lost, forgotten or entered incorrectly several times, it can be retrieved by initializing the eToken using the administrator password. If the Administrator password is lost, forgotten or entered incorrectly several times, the eToken will be permanently locked. Keep passwords in a secure password manager for easier tracking.
-
Create a new token name.
-
Create and confirm a new Token Password.
NOTE: If you DO NOT want to make any changes with the current token password next time you access the token, untick the Token password must be changed on first logon box.
-
If you wish to change the default Administrator Password, create and confirm a new admin password. Otherwise, you can untick the box to keep the default password in use.
-
Click Finish.
-
-
Click OK to acknowledge that all current token contents will be deleted.
-
The initialization will start. NOTE: Please DO NOT unplug the token while initialization is ongoing.
-
Your SafeNet eToken is initialized. It is now ready to have a certificate stored. Click OK to complete the process.
The following guidelines is for initializing the latest version of the SafeNet eToken (SafeNet eToken 5110+ CC (940) which commonly supports Code Signing and Qualified Certificates. If you are using the earlier version for your AATL Certificate — SafeNet eToken 5110 version, please go back to the other tab.
-
Insert your SafeNet USB token into your computer, then open the SafeNet Authentication Client Tools.
-
Click the Gear icon on the top right to open the Advanced View.
-
From the Advanced View, right-click on the token name. NOTE: For first time users, the default name is usually My Token.
-
Click Initialize Token.
-
In the Initialize Token - Initialization Options window, choose Configure all initialization settings and policies, and then click Next to proceed.
-
In the Initialize Token - Password Settings window, do one the following:
• Tick the Use factory default administrator password box and the Use factory default digital signature PUK box to use the default passwords.
NOTE: The default Administrator Password is "0" entered forty-eight (48) times and the default Digital Signature PUK is "000000".
• If you have previously changed the Administrator password and PUK, untick the box, and then enter the current password.
Then, click Next.
-
In the Initialize Token - Password Settings window, follow the steps:
-
Create a new token name.
-
Create and confirm a new Token Password.
IMPORTANT: If you DO NOT want to make any changes with the current token password next time you access the token, untick the Token password must be changed on first logon box.
-
If you want to change the default Administrator Password, enter your desired password in the field provided. Otherwise, proceed to next step if you DO NOT want to change the default password.
-
If you DO NOT want to make any changes with the current administrator password, tick the Keep the current administrator password box. Otherwise, untick and enter a new password.
IMPORTANT: For first time users, it is strongly recommended to update the default token password to a private password for utmost security. It can be retrieved using the Administrator Password. Meanwhile, the default Administrator Password is recommended to be used instead of updating it as this will not give access to the certificate store. If lost, forgotten or entered incorrectly several times, the eToken will be permanently locked. For users who previously created their own password, it is recommended to be kept in a secure password manager for easier tracking.
-
Click OK to acknowledge that you will not be changing your administrator password.
-
Click Next.
-
-
On the Initialize Token - IDPrime Common Criteria Settings window, create a new PIN and PUK for your token. Then, click Finish to complete the process.
NOTE: These passwords are not commonly used, but serves an extra layer of internal authentication method. -
Click OK to acknowledge that all current token contents will be deleted. This will start the initialization process.
-
The initialization will start. NOTE: Please DO NOT unplug the token while initialization is ongoing.
-
Your SafeNet eToken is initialized. It is now ready to have a certificate stored. Click OK to complete the process.
Related Articles
SSL Configuration Test
Check your certificate installation for SSL issues and vulnerabilities.