Blog Support

Reissue your DigiCert/Verokey Code Signing onto USB eToken

This tutorial will run through the process to reissue your Code Signing Certificate from DigiCert or Verokey onto the USB eToken

Video guide on how to reissue your code signing certificate
Play Video

Video guide on how to reissue your code signing certificate

Step 1. Login to your SSLTrust account and submit a reissue request

If you are not already logged in. Login to your SSLTrust account and view your Code Signing Certificate from DigiCert or Verokey you need to reissue.

Manage SSLTrust Service

On the services management page, click the reissue certificate button.

Certificate Reissue button

Because we are doing a reissue of our certificate onto the USB eToken, we already have been sent when we first order and initialised the token. We will select Use Existing Token on the reissue page.

If you are using a token you have been sent within the last 5 years, it will most likely be a 5110+. However, if you want to double check, you can see the token type from the SafeNet client app.

Select existing token for reissue provisioning method

We dont need any value for the server platform, so we will continue by clicking the Submit Reissue Request button.

This will then take us to the validation manager, where you will see the order status and any organisation validations. If you require your organisation to be validated ( as it does expire every few years ), you will need to wait for that to be completed by the DigiCert validation team before you continue to the next steps.

When the reissue is ready to be processed, you will be emailed to approve it. So watch for the email and approve it when it is received.

Step 2. Initialise your USB eToken

When your reissue is approved, access the validation manager ( via your SSLTrust account ), and you will see a new initialisation code.

digicert reissue initialisation code

Plugin in your USB eToken

Plugin DigiCert USB eToken

Copy the initialisation code, and then launch the DigiCert Certificate installer from your desktop. If you no longer have it from when you did your original token initialisation and install, you can download it here: https://www.digicert.com/StaticFiles/DigiCertHardwareCertificateInstaller.zip

Also, if you haven't installed them already, you will need the SafeNet drives installed. It is also a good idea to always download the most recent ones, as they update often.

Go here to download the SafeNet Drivers

With the DigiCert Hardware Certificate Installer launched, go through the initial screens of the terms agreement until you get to the screen to paste in your initialisation code, paste it in and click next.

digicert initialisation code pasted in

You must select to delete the existing Certificates and Private Keys on the token, as we are reissuing it and installing new ones.

delete existing private keys and certificate

You will need to select your Key type and size

Select the key type

Enter a name for your token and a token password ( or token pin ).

Enter a password and name

Now, enter a Token Admin password or select to use the token default, which is "0" 48 times.

Enter token admin password

Now click Finish, and it will start the process of installing a new Private Key and Certificate. This can take a few minutes to complete

Reissue finished

When that is complete, your new reissued certificate will be installed on the USB eToken, and you will be ready to continue your code signing.

Discussions and Comments

Click here to view and join in on any discussions and comments on this article.

Written by
Paul Baka


Helpful Guides

View more Guides, FAQs and information to help with your Certificate purchases.

Learning Centre

View more resources on cyber security, encryption and the internet.


Continue reading with these guides you may be interested in...

#Code Signing

Configure and Setup Verokey/DigiCert USB eToken

Video Included

Today, we are going to run through the process of ordering and configuring your new DigiCert or Verokey Code Signing Certificate. Then, we will initialise a new USB eToken to have the Certificate installed onto it as a secure HSM USB Device.