Download and Install AATL or Qualified Certificate for Electronic Seals/Signatures

Feb 15, 2024

Download and Install AATL or Qualified Certificate for Electronic Seals/Signatures


This guide outlines the download and install steps for the following: 


*IMPORTANT: We highly recommend you use Fortify to install your Certificate (provided that you selected the Enrollment with Fortify option during the ordering process, if not, you need to cancel and reorder). Or, you can use IE Compatibility Mode in Microsoft Edge for installation (as IE has been retired). 


Note: You may use your own smart card as an alternative to the USB token offered by GlobalSign. If you are using your own smart card, you will need to meet prerequisite #5 below:

  1. You will need a SafeNet USB Token. This will be mailed to you when you place your order.
  2. Download and install SafeNet Authentication Client drivers. Note: For renewals, it's not necessary to reinstall Safenet drivers. However, we recommend verifying that you are using the latest Safenet driver available in the link above. Also, the new Safenet eToken 5110 CC (940) requires v10.7 or higher.
  3. Plug in and reset the password.
    Note: For the new Safenet eToken 5110 CC (940), the default password is "0000".
    For old tokens, the default password is "1234567890".
  4. For Qualified Certificates, the correct Qualified Signature Creation Device (QSCD) which is the Safenet eToken 5110 cc should be used. Also, the default administrator password for this token is forty-eight 0's and the default Digital Signature PUK is six 0's. You can choose to tick the respective checkboxes to auto-populate the Administrator Password and Digital Signature PUK accordingly for your convenience. Note: The Qualified Certificate is only compatible with the indicated token. 
  5. For certificate pickup, you must have access to a Windows PC and Microsoft Edge. Once the certificate is installed on the USB token, you may sign from other platforms such as OS X.

Download & Install

  1. Once your order has been approved, vetted, and you have your USB token initialized, open the pickup link from your pickup e-mail in Microsoft Edge (with IE Compatibility Mode enabled).
  2. Enter the Temporary Pickup Password that was set at the time of ordering:

    Step 2.JPG
  3. Click Yes when prompted to allow digital certificate operations. 

    Step 3.png
  4. To install on a SafeNet USB token provided by GlobalSign, select:
    eToken Base Cryptographic Provider

    To install on a smart card provided by you or your company, select:
    Microsoft Base Smart Card Crypto Provider
  5. Check the box to agree to the subscriber agreement and click Next.

    Step 5.JPG
  6. Enter the password for your USB token. This was set during the initialization process.

    Step 6.png
  7. The screen may appear to freeze for a minute or two; do not press the back button on your browser. You should see the light on your USB token blinking. Eventually you will see a message to wait for a while as shown below. 

    Step 7.png
  8. Once the token has finished the keypair generation, click the button to Install My Certificate.

    Step 8.png
  9. Again click Yes to allow digital certificate operations. 

    Step 9.png
  10. Finally, click OK when you get the Install Success message. 

    Step 10.png

Reissue and Reinstall AATL Certificate

Note: If you are going to reissue and reinstall an AATL Certificate, you will need to delete the old  AATL Certificate from the token, so that the token will use the new one. Make sure that you have installed the new  AATL Certificate correctly before removing the old one.
To remove the old AATL Certificate from the token, please follow the guidelines below:

  1. Open the SafeNet Authentication Client Tools.
  2. Click the Gear Icon on the top right of the window for Advanced View. This will redirect you to the next window.
  3. Click your token (may be named differently) and then click User Certificates to show the list of installed User Certificates in your token.
  4. Select the old AATL Certificate and then click the Delete Certificate button. A dialogue box will appear, click Yes to proceed.
    Note: You will be required to input your Token Password, to complete this process.
  5. You are now done removing the old AATL Certificate from your token.

Additional Resources

  1. Adobe PDF Signing Overview

Related Articles

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support