Installing your EV Code Signing Certificate onto a Secure Token

This page provides instructions for installing your EV Code Signing Certificate onto a supported secure token. Use the instructions if you fall into one of the following use cases:

  • You are installing your DigiCert® EV Code Signing Certificate on your own supported secure token.
  • You are installing an additional DigiCert® EV Code Signing Certificate on a supported secure token (your own or one provided by DigiCert).
  • You are renewing your DigiCert® EV Code Signing Certificate on a supported secure token (your own or one provided by DigiCert).

You must have a FIPS 140-2 Level 2 compliant device.

  • SafeNet eToken 5100
  • SafeNet eToken 5105
  • SafeNet eToken 5200
  • SafeNet eToken 5205
  • SafeNet eToken PRO 72K
  • SafeNet eToken PRO Anywhere
  • SafeNet iKey 4000

Note: If you opted to have DigiCert send you a secure token when you ordered your DigiCert® EV Code Signing Certificate, the SafeNet eToken PRO 72K device has the certificate preinstalled on it for you. To activate your device, see Activate Your EV Code Signing Hardware.

Entering the Initialization Code and Detecting the Secure Token

  1. Log into the DigiCert® Management Console.

  2. In the DigiCert® Management Console, on the My Orders tab, select the Order# for your EV Code Signing Certificate.

  3. In the Initialization Code section, locate and record your EV Code Signing Certificate’s initialization code (i.e. lettersandnumbers12345678).

    Later, when prompted by the DigiCert Hardware Certificate Installer wizard, you must enter this code.

    DigiCert Account EV Code Signing Certificate Details

    Note: If the initialization code is not displayed, you must re-key your EV Code Signing Certificate to be issued a new code. See Re-keying/Reissuing your EV Code Signing Certificate.

  4. After you have recorded your certificate’s initialization code, click the Certificate Installer link to download and run the EV Code Signing Certificate Installer.

    Link to Download Certificate Installer from DigiCert Customer Account Area

  5. In the DigiCert Hardware Certificate Installer wizard, on the Welcome page, click Next.

    EV Code Signing Utility Welcome Screen

  6. On the License Agreement page, read the User License Agreement, check I accept and agree to the license agreement, and then, click Next.

    EV Code Signing Utility License Agreement

  7. On the Initialization Code page, in the Initialization Code box, enter your initialization code that you previously recorded and then, click Next.

    EV Code Signing Utility Enter Initialization Code

  8. On the Token Detection page, plug in your token and then, click Next.

    Make sure that only one token is plugged in. If more than one token is plugged in, the wizard asks you to remove the tokens that are not being used for EV Code Signature Certificate installation.

    Also, make sure that the drivers for the token are installed. If not the wizards asks you to remove your token, install the drivers, and then, re-install your token.

  9. Next, the DigiCert Hardware Certificate Installer wizard analyzes your secure token device.

  10. On the Token Detection page, the wizard reports on what it discovers and presents you with the appropriate options.

    1. The wizard reports that your token has already been properly initialized with a token password.

      Do one of the following:

      1. Click Next.

        Use this option if you want to continue using your current token password to install or renew your DigiCert® EV Code Signing Certificate.

        See Installing the EV Code Signing Certificate without Reinitializing Your Secure Token.

        EV Code Signing Utility Token Detection. Correctly Initialized

      2. Check Re-initialize my token and permanently delete any existing certificates and keys and then, click Next.

        Use this option if you fall into one of the following situations:

        • You forgot your password, and you did not set up an administrator token password.

        • You want to reset your password and clear all certificates and keys from the token.

        • You need to reset your password for security purposes, and you did not set up an administrator token password.

        See Initializing or Reinitializing Your Secure Token and Installing the EV Code Signing Certificate.

        Caution: This option permanently deletes any existing certificates and keys on the device. If you delete a DigiCert® EV Code Signing Certificate, you can get it re-issued. Re-issuing a certificate revokes the old certificate, but code signed with the revoked certificate remains valid if it was timestamped when it was signed. See Re-keying/Reissuing your EV Code Signing Certificate.

    2. The wizard reports that your token must be initialized.

      Click Next.

      See Initializing or Reinitializing Your Secure Token and Installing the EV Code Signing Certificate.

    3. The wizard reports any of the following issues with your token:

      • Your token was not initialized in a secure FIPS mode.

      • You token was not initialized with a token password.

      • Your token was not initialized in a mode that supports 2048-bit keys.

      Check Re-initialize my token and permanently delete any existing certificates and keys and then, click Next.

      See Initializing or Reinitializing Your Secure Token and Installing the EV Code Signing Certificate.

      Caution: This option permanently deletes any existing certificates and keys on the device. If you delete a DigiCert® EV Code Signing Certificate, you can get it re-issued. Re-issuing a certificate revokes the old certificate, but code signed with the revoked certificate remains valid if it was timestamped when it was signed. See Re-keying/Reissuing your EV Code Signing Certificate.

Installing the EV Code Signing Certificate without Reinitializing Your Secure Token

Use these instructions if you are renewing or installing additional code signing DigiCert® EV Code Signing Certificates on your properly initialized token.

  1. On the Token Password page, in the Token Password box, enter your password and then, click Finish.

    EV Code Signing Utility Enter Token Password

  2. On the Certificate Installation page, after you receive four green checkmarks, click Close.

    It may take a few minutes for the wizard to install the EV Code Signing Certificate.

    EV Code Signing Utility Certificate Installation Process

Initializing or Reinitializing Your Secure Token and Installing the EV Code Signing Certificate

Use these instructions if you need to set up your secure token before installing your DigiCert® EV Code Signing Certificate on it.

  1. On the Token Setup page, enter the following information and then, click Next:

    Token Name Provide a name for your token.
    If you have more than one token, provide a unique name to help identify what you are storing on it (i.e. EV Code Signing Token).
    Password: Under Token Password, enter and confirm the password for the token.
    Confirm: You are required to enter this password whenever you use the EV Code Signing Certificate on the token.
    Password must be 8 – 16 characters long.
    Password must have at least one lower case letter, one upper case letter, one number, and one punctuation.

    EV Code Signing Utility Assign a name and password to secure token

  2. On the Administrator Setup page, do the following to setup an administrator password:

    • Check Set Administrator Password.

    • In the Password and Confirm boxes, enter and confirm the token administrator password.

    We recommend that you setup an administrator password. If the token becomes locked, you can use this password to unlock the token. Without an administrator password, you must reinitialize the token, which permanently deletes all certificates and keys. You can also use the administrator password to reset the token password.

    EV Code Signing Utility Create Token Administrator (Optional)

  3. Click Finish.

  4. On the Certificate Installation page, after you receive four green checkmarks, click Close.

    It may take a few minutes for the wizard to install the EV Code Signing Certificate.

    EV Code Signing Utility Certificate Installation Process



Buy an EV Code Signing Certificate!

Buy Now

Troubleshooting

Problems may arise if you use your token to secure personal identity certificates and EV Code Signing Certificates. If problems occur, you may need to reinitialize your token. Note that reinitializing your token will erase the contents of the device. We recommended that you use one token for personal identity certificates and another token for EV Code Signing Certificates.