Certificate process overview
IDES will use a digital certificate to provide encryption of the payload of information between the sending party and the IRS.
What is a certificate?
A digital certificate is also known as a public key certificate or identity certificate. The certificate is a trusted instrument that shows the recipient that the sender is truly who they say they are and provides proof of ownership of the public key, verified by the Certificate Authority (CA). The certificate includes a public key, information about the owner's identity and a digital signature of the entity that has verified the certificate's content.
The certificate will be validated during the enrollment process to confirm that it meets the IDES requirements: it must be valid, non-expired and issued by a CA on the approved list of Certificate Authorities (CAs).
| Certificate Authority (CA) | Required Certificate | External Website Link |
|---|---|---|
| DigiCert | Standard SSL | Standard SSL |
| DigiCert | EV SSL | EV SSL |
| GlobalSign | Organization SSL | Organization SSL |
| GlobalSign | Extended SSL | Extended SSL |
| Entrust | Standard SSL | Standard SSL |
| Entrust | EV Multi-Domain SSL | EV Multi-Domain SSL |
| IdenTrust | Standard Server SSL | Standard Server SSL |
| IdenTrust | FATCA Organizational Certificate | FATCA Organizational Certificate |
| Sectigo (formerly Comodo) | EV-SSL | EV-SSL |
You must obtain the required certificate from the specific CA.
Example: If you choose IdenTrust you must obtain their Trust ID Server (SSL) Certificate.
Certificates and Enrollment
The certificate file must have a .pem (Base 64) or .der (Binary) file extension for loading into IDES.
The certificate will be loaded into IDES as part of the enrollment process of the first User (Administrator). This means that you will need to have the certificate before attempting enrollment. The certificate will be validated during the enrollment process. A validated certificate will be active (i.e., has not expired), will be valid (i.e., the CA hasn't revoked it) and will have come from one of the approved CAs. If any of these conditions are not met, the certificate is considered invalid. It will be your responsibility to confirm with your CA what needs to be done to overcome any of these challenges.
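A local pre-check of the file before enrollment can catch the extension, expiry and issuer problems described above. This is an added example, not an IRS or IDES tool; it assumes the openssl command-line tool (1.1.1 or later) is installed, and the function name ides_precheck and the matching of the CA name against the issuer organization are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: local sanity check of a certificate file before IDES enrollment.
# Assumption: an approved CA is recognised by its name in the issuer's O= field.
# This is a name check only; IDES performs the authoritative validation.
APPROVED_CAS='DigiCert|GlobalSign|Entrust|IdenTrust|Sectigo'

# Prints one finding per line; returns 0 only if every local check passes.
ides_precheck() {
  cert=$1 form= rc=0
  case "$cert" in
    *.pem) form=PEM ;;   # Base 64
    *.der) form=DER ;;   # Binary
    *) echo "FAIL extension: need .pem or .der"; return 1 ;;
  esac
  # Parse the file with the encoding its extension claims.
  if ! openssl x509 -inform "$form" -in "$cert" -noout 2>/dev/null; then
    echo "FAIL parse: openssl cannot read it as a $form certificate"; return 1
  fi
  echo "OK   encoding: $form"
  # -checkend 0 exits non-zero when notAfter is already in the past.
  if openssl x509 -inform "$form" -in "$cert" -noout -checkend 0 >/dev/null; then
    echo "OK   expiry: $(openssl x509 -inform "$form" -in "$cert" -noout -enddate)"
  else
    echo "FAIL expiry: certificate has expired"; rc=1
  fi
  # RFC2253 output gives one stable, comma-separated issuer line.
  issuer=$(openssl x509 -inform "$form" -in "$cert" -noout -issuer -nameopt RFC2253)
  issuer=${issuer#issuer=}
  if printf '%s\n' "$issuer" | grep -Eiq "(^|,)O=[^,]*($APPROVED_CAS)"; then
    echo "OK   issuer: $issuer"
  else
    echo "FAIL issuer: $issuer (not on the approved CA list)"; rc=1
  fi
  # Revocation is decided by the CA and is not checked offline here.
  return $rc
}

# Run against a file when one is given on the command line.
if [ -n "${1:-}" ]; then ides_precheck "$1"; fi
```

The check does not cover revocation or the certificate product type (for example Standard SSL versus EV SSL); confirm both with your CA.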
Once you have completed enrollment of your Administrator you can enroll other End Users under the Administrator. The End Users will not be required to upload a certificate since the Administrator has already completed the certificate upload.