Note: You may use your own smart card as an alternative to the USB token offered by GlobalSign. If you are using your own smart card, you will need to meet prerequisite #5 below:
You will need a SafeNet USB Token. This will be mailed to you when you place your order.
Download and install SafeNet Authentication Client drivers. Note: For renewals, it's not necessary to reinstall Safenet drivers. However, we recommend verifying that you are using the latest Safenet driver available in the link above.
Plug in and reset the password. The default password is 1234567890.
For Qualified Certificates, the correct Qualified Signature Creation Device (QSCD) which is the Safenet eToken 5110 cc should be used. Also, the default administrator password for this token is forty-eight 0's and the default Digital Signature PUK is six 0's. You can choose to tick the respective checkboxes to auto-populate the Administrator Password and Digital Signature PUK accordingly for your convenience. Note: The Qualified Certificate is only compatible with the indicated token.
For certificate pickup, you must have access to a Windows PC and Microsoft Internet Explorer. Once the certificate is installed on the USB token, you may sign from other platforms such as OS X.
Download & Install
You can watch the video below for a tutorial.
Or, you can check the step by step guidelines below.
Once your order has been approved, vetted, and you have your USB token initialized, open the pickup link from your pickup e-mail in Internet Explorer.
Enter the Temporary Pickup Password that was set at the time of ordering:
Click Yes when prompted to allow digital certificate operations.
To install on a SafeNet USB token provided by GlobalSign, select: eToken Base Cryptographic Provider
To install on a smart card provided by you or your company, select: Microsoft Base Smart Card Crypto Provider
Check the box to agree to the subscriber agreement and click Next.
Enter the password for your USB token. This was set during the initialization process.
The screen may appear to freeze for a minute or two; do not press the back button on your browser. You should see the light on your USB token blinking. Eventually you will see a message to wait for a while as shown below.
Once the token has finished the keypair generation, click the button to Install My Certificate.
Again click Yes to allow digital certificate operations.
Finally, click OK when you get the Install Success message.
Reissue and Reinstall AATL Certificate
Note: If you are going to reissue and reinstall an AATL Certificate, you will need to delete the old AATL Certificate from the token, so that the token will use the new one. Make sure that you have installed the new AATL Certificate correctly before removing the old one.
To remove the old AATL Certificate from the token, please follow the guidelines below:
Open the SafeNet Authentication Client Tools.
Click the Gear Icon on the top right of the window for Advanced View. This will redirect you to the next window.
Click your token (may be named differently) and then click User Certificates to show the list of installed User Certificates in your token.
Select the old AATL Certificate and then click the Delete Certificate button. A dialogue box will appear, click Yes to proceed. Note: You will be required to input your Token Password, to complete this process.
You are now done removing the old AATL Certificate from your token.