Grantor Certificates

Agencies are required to obtain and install a digital certificate on their application server.

Obtaining a Certificate

Your personal user authentication certificate must be purchased from a recognized Certificate Authority (CA) such as Comodo, DigiCert, Entrust, GoDaddy, Incommon, Verisign, or Thawte, and then sent to for installation. no longer accepts self-signed certificates as these cannot guarantee your identity and do not meet federal security standards.

Your certificate must have either a 1024 or 2048 bit public RSA key and use a SHA-1 based digital signature algorithm (such as SHA1RSA). Currently, does not support the newer SHA-2 based digital signatures (for example SHA256RSA), and so care must be taken when ordering your certificate.

Personal user authentication certificates may be difficult to find on the Certificate Authority websites, so we recommend that you contact sales departments directly and explain that you need a 1024 or 2048 bit SSL client certificate that uses SHA-1.

Note that you are responsible for monitoring your certificate expiration date in order to obtain a renewal from the CA before your certificate expires. Renewed certificates must also be sent to for installation.

Requesting Certificate Installation

Provide the PMO with the following information using the Certificate Request Form.

Submit this information by clicking the "Email Request" button in the form that will send the request to at will notify you via email once it has been installed.

Authorizing the Certificate

Logon to as a grantor and assign roles to the certificate through the Manage Agency Users menu item.