Installing your EV Code Signing Certificate onto a Secure Token

This page describes the process for installing your EV Code Signing Certificate onto a supported secure token device. Please note that you won't need to follow these instructions if you chose to have DigiCert ship you a secure token during the ordering process, as the device will have the certificate preinstalled for you. These instructions require a FIPS 140-2 Level 2 compliant device see a list of approved devices. After completing these steps, we advise you to change your secure token password.

Enter Initialization Code and Secure Token Detection

  1. Download the EV Code Signing Certificate Installer by logging into your DigiCert account and clicking the order number for your Code Signing certificate; then click Certificate Installer.

    Link to Download Certificate Installer from DigiCert Customer Account Area

  2. At the DigiCert Hardware Certificate Installer's welcome screen, click Next.

    EV Code Signing Utility Welcome Screen

  3. Read the License agreement, then click to accept it and click Next.

    EV Code Signing Utility License Agreement

  4. Next Login to your account, then click your order number to obtain your certificate's Initialization Code
    (e.g. lettersandnumbers12345678).

    DigiCert Account EV Code Signing Certificate Details

    Then enter this code into the EV Code Signing Utility and click Next.

    EV Code Signing Utility Enter Initialization Code

  5. The next screen that you will see will report one of four things about your device:

    1. Because the device has already been initialized, you will just need to enter the token password. Click Next to continue installing the certificate without reinitializing the token. Use this option for re-keying your certificate, or installing an additional EV Code Signing Certificate to your token.

      EV Code Signing Utility Token Detection. Correctly Initialized

    2. The token was initialized previously but doesn't support 2048 bit keys required to be FIPS compliant for EV Code Signing Certificates, so the device will need to be reinitialized. To install the certificate to this device you will just need to click Next to begin reinitializing the token.

    3. Your token has not been initialized and will need to be initialized (basically this means you will need to create a password for the device to install the certificate). Select the checkbox and click next to reinitialize the device.

      Note: If for any of the previous three situations you wish to either initialize or reinitialize the token, you would like to re-key your certificate, or you forgot the secure token's password and don't have an administrator password set up, check the box to reinitialize the secure token and click Next.

    4. The device has not been initialized. Click Next to initialize the secure token.

Initializing or Reinitializing a Secure Token

The following two screens will only be displayed if you are initializing the token. During initialization you will be given the opportunity to name the device, create a user password, and an administrator password allowing you to reset the user password without reinitializing (deleting the keys and certificates) the device.

  1. Enter the authorization code for your new certificate. To access this, login to your account and click your order number. If no initialization code is displayed in the top area listing the certificate details you will need to re-key your EV code signing certificate to be issued a new code.

  2. On the next screen enter a name for the token to help you keep track of it, and assign a password to it. You will be required to enter this password when signing code using the certificate on the token.

    EV Code Signing Utility Assign a name and password to secure token

  3. The next screen will allow you to create an admin password to reset the user password in case someone either forgets their password or exceeds the number of permitted incorrect password attempts for the device. After entering a password click Finish to install the certificate to the device.

    EV Code Signing Utility Create Token Administrator (Optional)

Install Certificate Without Reinitializing Token

If you are installing additional code signing certificates to your device, the new additional certificates will not be preinstalled by DigiCert personnel. After entering the initialization code from step 4 of the above section 'Enter Initialization Code and Secure Token Detection,' you will only be required to enter your password to install an additional certificate to the token.

  1. Enter the password for your token and click Finish.

    EV Code Signing Utility Enter Token Password

Finish Installing the EV Code Signing Certificate to Token

  1. The next step may take a few minutes for the device to install the certificate, then after all the steps have been completed and you have 4 green checkmarks, click to Close the program.

    EV Code Signing Utility Certificate Installation Process



Buy an EV Code Signing Certificate!

Buy Now

Troubleshooting

We have had reports of problems arising if you are trying to use the device to secure both a personal identity certificate as well as a code signing certificate. We recommended you get separate devices for both of these purposes, or reinitialize your token if you have a personal certificate on there. Note, this will erase the contents of the device.