How to Set up your DigiCert Hardware token for Document Signing?

Certificates for document signing are necessary to protect the authenticity, integrity, and non-repudiation of your digital documents. DigiCert provides hardware tokens (SafeNet 5110 series, etc.) to store and utilize your document signing certificates securely.

The following guide will outline the steps required to set up your DigiCert hardware token for use in the document signing process.

Prerequisites

Before you get started, make sure you have the following:

• A hardware token from DigiCert: SafeNet 5110 CC, SafeNet 5110 FIPS, or SafeNet 5110+ FIPS
• A way to access your certificate, order information from CertCentral
• The order number for the Document Signing certificate
• You have Administrator rights on your computer
• A password manager or secure storage for token passwords.

Set up your DigiCert Hardware Token for Document Signing

Step 1: Install the SafeNet Authentication Client and Initialize Your Token

• Download and install the SafeNet Authentication Client using instructions provided by DigiCert.
• Insert the hardware token directly into your computer.
• Open the SafeNet Authentication Tool.
• Click the gear icon, right-click on your token and select Initialize Token.
• Select Configure all initialization settings and policies, click Next.
• Select Use factory default administrator password, proceed to the Password Settings page.
• Follow the directions to complete Password setup and click Finish.
• Review the warning message and click OK.
• Once Successful is displayed, click OK to complete.

Step 2: Download and Install DigiCert Trust Assistant

• Sign in to your CertCentral account, then go to your certificate page.
• Download the DigiCert Trust Assistant.
• Once downloaded, run the installer and click I Agree to accept terms.
• Choose who should have access to the application, then click Next.
• Choose the installation folder, then click Install.
• When the installation is complete, click Finish to finalize the installation.

Step 3: Install Your Certificate on the Hardware Token

• Go back to your CertCentral certificate order page.
• Make sure your token is connected and the DigiCert Trust Assistant is running.
• Click Get Token List, then select your token by serial number.
• Click Generate CSR, then Install Certificate.
• When prompted, enter your token password.
• A confirmation dialog appears indicating that the installation was successful.

Step 4: Sign Documents

Once your certificate is installed, you can begin signing documents securely. Supported applications include:

• Microsoft Office
• Adobe Acrobat
• OpenOffice and LibreOffice

How to Manage Passwords?

Proper password management is critical for your hardware token:

• Administrator Password: Default is “0” repeated 48 times; losing it permanently locks your token.
• Token Password: Used to access the certificate store; can be reset if lost.
• Personal Unlocking Key (PUK): Default is 000000; not used in DigiCert’s process.
• Password Requirements: Minimum 8 characters, with uppercase, lowercase, numerals, and special characters.

Conclusion

By setting up a DigiCert hardware token to sign documents, you can be assured your documents will be safe, can be verified, and trusted.

The following steps will help you initialize your token, install the certificate, and start signing documents with confidence, in an effort to limit the likelihood of your token being misused or being accessed by someone unauthorized.

Use a secure password manager to protect your access to the token and your credentials so that the process is seamless, and the access is uninterrupted.