Overall System Status:
An eToken with a Public Key Infrastructure (PKI) security certificate provides two-factor authentication, thereby reducing the chances of someone being able to impersonate you. Someone would need both your eToken and your password in order to impersonate you when accessing systems that require eToken authentication.
eTokens allow you to access the Dartmouth Secure wireless network, identify (authenticate) yourself to some applications, digitally sign e-mail and other electronic documents and transactions, encrypt data traffic (either on-campus wireless using 802.1x or all traffic when off campus using VPN), and encrypt e-mail and other documents to prevent unauthorized access (note: this is risky because if you lose your key, there is no recovery).
Note: If you have an eToken, you do not need to download a private software certificate to your machine because a certificate will be added to your eToken when it is created for you.
An eToken is a device that plugs into a USB port on your computer. It is designed to hold a Public Key Infrastructure (PKI) security certificate, which is an electronic certificate that uniquely identifies individuals to computers. A rough analogy would be that an eToken is part of an electronic Identification Card that is completed or enabled when you enter your password. The eToken is about the size of a house key and can be kept on your key ring.
Students can purchase an eToken from The Computer Store, located in the lower level of McNutt Hall.
Faculty and staff should contact the IT Call Center at 646-2999, or call your department's IT support office for more information on getting an eToken.
The Aladdin eToken software must be installed for your eToken to work on a computer. Version 5.0 of the Aladdin eToken for Windows package works with Windows 2000, XP, Vista, and Windows 7. Aladdin eTokens are interchangeable across Windows, the Macintosh, and Linux computers when using this software.
Regardless of which browser you use, you will need to have the Dartmouth Root Certificate installed on your computer. If the Dartmouth Root Certificate has not already been installed on your computer, see the instructions for Acquiring the Dartmouth Root Certificate.
To obtain an eToken and have the electronic certificate installed on your eToken, you must first purchase one from Computing Sales and Service at 001 McNutt Hall. After purchasing the eToken, go to the IT Walk-in Center in 178J Berry Library. Everyone needing a certificate on their eToken will need to show their Dartmouth I.D. card or other form of picture identification, such as a driver's license or passport, to verify that you are the person whose name is going to be put on the eToken.
Your eToken password is important. For help with selecting a good password, see Selecting a Password. If you want to change the password on your eToken sometime in the future, go to the eToken Properties application in your Programs or Applications listing and change it, but be sure to keep the password strong. This does not affect the value of the private key on the eToken, just access to the other information on the eToken.
To use your personal certificate, you may also need to install the Dartmouth Root Certificate in your web browser’s certificate store. This root certificate helps your computer determine whether Dartmouth-issued certificates are trustworthy.
Go to the Dartmouth Root CA web page and follow the instructions below, depending on which browser and operating system you are using. Note: if you use Firefox or Netscape, you have to import the root certificate for each browser.
Under the "Download certificates" section of the Dartmouth Root CA web page, click the Dartmouth CertAuth1 CA (Dartmouth Root CA) link. A File Download window will open. Click Open, then Install Certificate, then Next, Next, and Finish. You will get a pop-up box that says, "The import was successful." Click OK to close the pop-up box, then OK to close the Certificate Import box.
Under the "Download certificates" section of the Dartmouth Root CA web page, click the Dartmouth CertAuth1 CA (Dartmouth Root CA) link. A Downloading Certificate box will open. Put a check mark beside each of the three options in the center of the box, then click OK.
For normal use, insert the eToken into a USB port on your computer before you start your applications. The red LED light on the eToken will flash while loading, then stay on once loaded. When an individual application requires the use of a certificate in the eToken, a box will appear asking for the password for the eToken. Each separate application requires entering the password to unlock your certificate on the eToken. Most applications will only ask for the password once per session.
When you are finished using your eToken, simply unplug it from the computer’s USB port.
You will select a password when configuring the eToken. It is not related to any other password, and should be different from your DND password. Do not forget the password or enter the wrong password more than 15 times in a row. If you do, the eToken will become unusable and require reformatting (you will need to go to the IT Walk-in Center to have it reformatted, or you can contact your department's IT support office). This is a security feature that prevents misuse of lost or stolen eTokens. You may, however, change the password by using the Aladdin eToken Properties program, which has to be installed on your computer for the eToken to work.
With your eToken, you can:
Note: Both of the above e-mail applications (sign and encrypt) will work on Macintosh computers. You just need an S/MIME compatible e-mail client, such as Thunderbird or Safari. The BlitzMail client on Windows is not S/MIME compatible at this time.
You can use the Aladdin eToken Properties application to change your eToken's password or name, to view the contents of your eToken, and remove keys and certificates from it. If it is not already on your computer, you can download it from the web; see Aladdin eToken Runtime Environment.
If you remove your certificate from your eToken, a new certificate can be installed for you onto your eToken; please visit the It Walk-in Center in 178J Berry Library, contact the IT Call Center at 646-2999, or call your department's IT support office.
Note: Any e-mail messages or files encrypted with the previous certificate may no longer be able to be decrypted. We recommend you only encrypt a file if you have an unencrypted backup or you do not care whether you lose the document, or if you have a backup of your private key. An example of using encryption might be sending somebody a password; you don't care if you lose your encrypted copy as you can make another and send it.
Try not to get the eToken wet or dirty. If it gets wet, dry it out before using it.
Last Updated: 2/6/13