When using a hardware token-based certificate, it is important to download and install the SafeNet Authentication Client to sign the certificate of Sectigo code signatures. I have installed this several times in the case of developers and organizations, and one thing never fails: your code signing certificate will not work unless you have installed the SafeNet client properly.

Sectigo frequently provides hardware-based code signing certificates on a USB device (such as an eToken). The private key is stored in that token. However, your system cannot communicate with the token unless you install the SafeNet Authentication Client and configure it to do so.

It is very simple to do in phases.

Learn The Reason why the SafeNet Authentication Client is needed

Know the purpose of everything before installing it.

SafeNet Authentication Client stands between:

• Your USB token (eToken)
• Windows OS
• Visual Studio/signing tools
• Certificate store

Without SafeNet client:

• The token won’t be detected
• The certificate will not be shown in windows store.
• Signing tools are not allowed to get a personal key.
• Code signing will fail

SafeNet client is also required in case your Sectigo certificate was issued with a USB token or was put in an HSM-based storage.

Review System Prerequisites

Check compatibility before downloading.

The systems that are supported often involve:

• Windows 10 / 11
• Windows Server editions
• Access by administrators is needed.
• USB port for the token

Also ensure:

• Erase old versions of SafeNet (where necessary)
• Unplug the token before installation.
• Close Visual Studio or signing tools.

The installation of the most recent version prevents conflict on drivers. 

Download Authentication Client SafeNet

Thales (previously Gemalto) provides the SafeNet client. Get it from the official or Sectigo-provided link. One should always use reliable sources.

Typical download steps:

• Open browser
• Go to the Sectigo support page or official partner portal in CA.
• Find SafeNet authentication client. installation.
• Select version depending on system (32-bit or 64-bit)
• Get a new stable version.

File name usually looks like:

• SafeNetAuthenticationClient-x64.exe

• To eliminate the risks of malware, one should not download from random third-party sites.

Ready the System before Installation

Before running the installer:

• Disconnect the USB token
• Close all applications
• Turn off antivirus (in case it blocks drivers)
• Make sure that the admins are available.

This eliminates the conflict of installations. Also, see whether there is any older version of the SafeNet.

To uninstall the old version:

• Go to Control Panel > Programs
• Find SafeNet Authentication, Client
• Click Uninstall
• Restart system

Installation of the new version minimises mistakes.

Install the Authentication Client SafeNet

Now begin installation.

• Find an installer package that has been downloaded.
• Right-click – > Choose to run as Administrator.

The installation wizard will appear.

After installation instructions:

• Accept the license agreement
• Select regular installation.
• Select default components
• Click Install

Installation can be done within a couple of minutes.

Once complete:

• Click Finish
• Restart the system if prompted

Upon restart, the services of SafeNet will be active.

Plug the Sectigo USB Token

Once it has been installed:

• Install the Sectigo USB token in the system.
• Wait until Windows detects the device.
• SafeNet drivers will be initialised automatically.

It takes a couple of seconds before the token can be identified.

If detection fails:

• Try a different USB port
• Restart system
• Reinstall drivers

SafeNet client should verify the presence of the token prior to the use of the certificate.

Check Token Detection in SafeNet Client

To confirm installation:

• SafeNet Authentication client tools are open-source.
• Go Start Menu – SafeNet – Tools.
• Launch SafeNet Client

You should see:

• Token listed in the left panel
• Certificate container
• Token details

In case a token has been received, there was a success in installation.

If the token is not visible:

• Reconnect token
• Restart the SafeNet service
• Check USB drivers

Specify or Check Token Password (PIN)

Sectigo tokens have a default password (PIN). Before signing, you have to change or check it.

Steps:

• Open SafeNet Client Tools
• Right-click token
• Change Token Password.
• Type in the default password (given by Sectigo)
• Set a new strong password

Choose a strong PIN:

• Minimum 8 characters
• Mix letters and numbers
• Avoid simple patterns

This PIN shall be mandatory whenever signing the code.

Certificate Check in Windows Store

Once the token has been detected, it will be visible in windows certificate store.

To check:

• Press Windows + R
• Type:certmgr.msc

• Navigate to: Personal – Certificates
• You should see: Sectigo Certificate of Signing Code

• Validity dates

• Issuer details

In the case of the certificate, the integration of SafeNet is functional.

If not visible:

• Restart system

• Reinsert token

• Reinstall the SafeNet client

Sign the Code with a Certificate

After the installation of SafeNet and the certificate, it is possible to sign code.

Common tools:

• Visual Studio
• SignTool
• PowerShell signing
• ClickOnce deployment

During signing:

• System will require token PIN.
• Insert PIN to gain access to the private key.
• Signing completes securely
• The secret key does not go out of the token, and is very secure.

Troubleshooting Popular Problems

Token not detected:

• Reinsert token

• Check USB drivers

• Restart system

Certificate not visible:

• SafeNet should be installed properly.

• Check the certificate store

• Update drivers

Signing Fails:

• Run the tool as Administrator

• Ensure token connected

• Enter the correct PIN

PIN locked:

• Too many false tries get hooked in token.

• Use PUK or contact the provider

• Essentially, never forget Sectigo backup instructions.

Best Practices for Security

In case of SafeNet and Sectigo certificates:

• Never share the token PIN

• Store the USB token securely

• Remove token when not in use

• Use a strong password

• Limit access to authorised users.

• Wizardly save certificate details.

Hardware tokens offer more security than software certificates. Use them as keys to physical security.

SafeNet client can be installed and used to provide safe communication between your system and the Sectigo code signing certificate when it is installed correctly. Subsequently, application signing becomes hassle-free, safe, and in line with the current security requirements.

Conclusion

When it comes to code signing, there’s no room for shortcuts. One missing driver, one misconfigured client, and your signing process breaks. Installing the SafeNet Authentication Client correctly isn’t just a setup step. It’s the bridge between your hardware token and secure, trusted software distribution.

Once everything is configured properly, signing becomes seamless. Your private key stays protected inside the token. Your applications install without scary warnings. Your users trust what they download.

If you’re ready to secure your software the right way, contact us to purchase your Code Signing Certificate today. Our experts will guide you through issuance, token setup, and installation so you can sign with confidence and ship securely.

Cheap Code Signing Certificates

Prevent Code Tampering and Authenticate Code Integrity by Digitally Sign your Code with Trusted Code Signing Certificates.

Starting at Just $215.99/Year