When using the Grants.gov applicant S2S interface, you must establish your identity by passing a personal user authentication certificate for each request.
A personal user authentication certificate is also known as a SSL client, PKI, web browser, or email certificate and associated with your identity.
Obtaining a Certificate
Your personal user authentication certificate must be purchased from a recognized Certificate Authority (CA) such as Comodo, DigiCert, Entrust, GoDaddy, Incommon, Verisign, or Thawte, and then sent to Grants.gov for installation.
Grants.gov will not accept self-signed certificates as these cannot guarantee your identity and do not meet federal security standards.
Your certificate must have either a 1024 or 2048 bit public RSA key and use a SHA-1 based digital signature algorithm (such as SHA1RSA). Currently, Grants.gov does not support the newer SHA-2 based digital signatures (for example SHA256RSA), and so care must be taken when ordering your certificate.
Personal user authentication certificates may be difficult to find on the Certificate Authority websites, so we recommend that you contact sales departments directly and explain that you need a 1024 or 2048 bit SSL client certificate that uses SHA-1.
Note that you are responsible for monitoring your certificate expiration date in order to obtain a renewal from the CA before your certificate expires. Renewed certificates must also be sent to Grants.gov for installation.
Requesting Certificate Installation
Authorizing the Certificate
After certificate installation, your E-Biz Point of Contact (E-Biz PoC) must approve the AOR status of the account is associated with your certificate. AOR Authorization instructions can be found on the registration help pages.
Using a S2S Service Provider
If you are using a 3rd party grants application system (for example Cayuse), the 3rd party system owner may provide you with a personal user authentication certificate. Otherwise, you will need to obtain the certificate and supply that to the system owner.