Digital certificates

Digital certificates bind digital information to physical identities and provide non-repudiation and data integrity. To begin the IDES enrollment process, each entity should obtain one valid digital certificate issued by an approved certificate authority (CA). IDES stores your public key and related digital certificate.  IDES only recognizes and accepts digital certificates issued by IRS approved certificate authorities, listed below.

IRS public key

The IRS Public Key is a certificate that can be downloaded from the IDES Enrollment site. The public certificate should be included in the FATCA data packet (transmission archive) to the IRS.

Note: The public/private key pairs used for encryption for FATCA filings have an expiration date and are generally valid for one year. A new IRS Public Key for FATCA filings is issued annually.

Certificate file format

Supported formats for the digital certificate are:

• Distinguished Encoding Rules (DER) binary X.509
• Privacy Enhanced eMail (PEM) ASCII (Base-64) encoded X.509

IDES will convert digital certificates received in DER format to Base64 for storage and retrieval.

Intermediate Certificates

IRS approved certificate authorities may issue an intermediate certificate as part of their certificate chain. If you are having an IDES transmission issue and you are using an intermediate certificate, please review whether that certificate is noted in the list of intermediate certificates stored in IDES ZIP. You may want to also review the relevant IRS approved certificate providers’ certificate libraries in the below table to validate the authenticity of your certificate. If your intermediate certificate is not listed, contact the IDES help desk with subject line: “Request intermediate certificate addition” and provide us your intermediate certificate to store in IDES.