Hi dears, we managed to solve the issue. The problem resided on the PKI configuration, one of the intermediate certification authorities was not authorized to sign other certificates, and the problem was that this intermediate CA was the one signing the certificates for our tokens.
A new certificate with extended features was created for the intermediate CA and new certificates were generated for our tokens.