What to do with your old tokens?
When renewing your token certificates, most certification authorities choose to deliver the new product on a new token.
As standards evolve very quickly, this allows you to always be in possession of a token compatible with current standards (notably RGS and eIDAS).
So what to do with tokens that are no longer in use?
Option 1: reuse
Cryptographic tokens can accommodate multiple certificates. Your old tokens can therefore be used to store other certificates.
See our documentation on this subject: Is it possible to install several certificates on a single token?
Option 2: destruction
ChamberSign Certificates
ChamberSign invites holders of expired or revoked token certificates to return their equipment to the Registration Bureau who issued them.
Once done, the Bureau takes care of destroying the chip and then returns the support to ChamberSign for recycling.
Certigna certificates
It is possible to return your support to Certigna for destruction or recycling. However, the authority does not verify the status of the certificate nor destroy the chip.
We therefore recommend that, before returning the token, you destroy the chip:
- open the token
- extract the chip
- cut the chip in half with a pair of scissors
- close the support
- send it to Certigna
GlobalSign & Harica certificates (SafeNet token)
The authorities do not support the return and recycling of tokens. Likewise, tokens SafeNet do not have a removable chip. It is therefore not possible to carry out the procedure of destruction detailed above. However, there are 2 options for managing expired or no longer used certificates:
Reset token
This procedure will completely erase the token and reconfigure it with the settings factory and therefore destroy the certificates it carries.
- open the SafeNet Authentication Client Tools application
- click on the gear at the top right of the window to access the advanced view
- in the left panel, right-click on the token name and click on “Initialize Token”
- choose the option "Configure all initialization settings and policies"
- create a new password for your token (the default password is "1234567890")
- uncheck the “Token password must be changed on first logon” option and click on “Finish”
- a popup opens asking you for confirmation, click on “OK”
Then put the media for recycling, by dropping it off at the recycling center or in a computer store which will collect it free of charge.
Remove a specific certificate from the token
This procedure will allow you to delete certificates from your token one by one, if you want to continue using the token.
- open the SafeNet Authentication Client Tools application
- click on the gear at the top right of the window to access the advanced view
- in the left panel, "User certificates" section, right-click on the name of the certificate to delete and click on “Delete certificate”
- a popup opens asking you for confirmation, click on “OK”
Other authorities
We are not aware of the token management policy of other certification authorities.
Sectigo uses SafeNet tokens which, as indicated above, do not have no removable chip. It is therefore not possible to carry out the destruction procedure detailed above.
You must then put the support for recycling, by dropping it off at the recycling center or in a computer store which will recover it for free.