Getting started

Class 3 Digital Signature Certificate (DSC) for e-tendering

Q: How much does a Class 3 DSC cost?

It varies by Certifying Authority, validity of one to three years, individual or organisation, and whether a USB token is bundled. A two-year combo with token is commonly in the low four figures of rupees.

Q: Why isn't the portal detecting my DSC?

Usually the token driver or the portal's signer or Java component isn't installed, the token isn't plugged in, or the DSC isn't registered to your account. Install the driver and signer utility, plug in the token, select the valid Class 3 signing certificate, and ensure it is mapped in your profile.

Complete guide·~12 min read·Updated June 2026

A Class 3 DSC USB token signing and sealing an online tender bid — A DSC is the digital key that signs your identity onto a bid and seals your price — no DSC, no online tender.

You cannot submit a single online government bid in India without a Digital Signature Certificate (DSC) — and not just any DSC, a Class 3 one on a USB token. It's the digital equivalent of signing and sealing your tender in front of a notary: it proves who submitted the bid and encrypts your price so no one can peek before the official opening. This guide is vendor-neutral — we don't sell DSCs — and covers exactly what you need, why Class 3, how to get one, register it, renew it, and fix the errors that strand bidders on the last day.

The short version

What: a Class 3 DSC is a government-recognised digital ID on a secure USB token, issued by a licensed Certifying Authority.
Why Class 3: it's the only class still issued for e-tendering — Class 2 was discontinued in January 2021.
You need both functions: a signing certificate (to sign the bid) and an encryption certificate (to seal the financial cover) — usually a combo.
Getting one: pick a CA, give PAN + Aadhaar, complete eKYC, pay, download to a token — often within an hour. Then register the DSC on each portal.
Renew before it expires — an expired DSC is the classic last-day bid-killer.

On this page What is a DSC — and why e-tendering needs one Why Class 3 (and not Class 2) Signing vs encryption · individual vs organisation The USB token How to get a Class 3 DSC, step by step Documents required Cost & validity Register your DSC on the portal Where else a DSC is used Common DSC errors & fixes FAQ

What is a DSC — and why e-tendering needs one

A Digital Signature Certificate is an electronic credential, issued by a licensed Certifying Authority (CA) under the Controller of Certifying Authorities (CCA), that binds your identity to a cryptographic key pair. When you "sign" a document with it, anyone can verify two things: that you signed it, and that nothing has changed since. Under the Information Technology Act, 2000, a digitally-signed document carries the same legal standing as a hand-signed one.

E-procurement portals — GeM, the Central Public Procurement Portal (CPPP / eprocure.gov.in) and the state GePNIC sites — are built around that guarantee. Your bid is digitally signed (so it can't be repudiated or tampered with) and your financial bid is encrypted (so even the department can't read your price before the scheduled opening). Both operations require a DSC, which is why it's the very first thing you arrange before bidding.

Why Class 3 (and not Class 2)

DSCs used to come in classes by assurance level. That changed:

Class	Status	Use
Class 1	Largely retired	Basic email-level identity — never valid for tenders.
Class 2	Discontinued (Jan 2021)	Was used for MCA/IT filings; the CCA merged it into Class 3.
Class 3	Current standard	Highest assurance, identity verified — mandatory for e-tendering, GeM and e-auctions.

So today there's effectively one answer for bidding: a Class 3 DSC. If an old guide tells you a "Class 2" certificate is fine for tenders, it's out of date — the CCA discontinued Class 2 issuance from 1 January 2021, and portals now require Class 3.

Signing vs encryption — and individual vs organisation

Two distinctions trip people up. Get them right before you buy.

You usually need both

Signing certificate + Encryption certificate

A signing certificate authenticates you and makes the bid tamper-evident. An encryption certificate is what locks (encrypts) your financial bid so it stays sealed until opening. Tenders need both functions, so for e-tendering you buy a Class 3 combo (signing + encryption) certificate — a "signing-only" DSC won't let you encrypt the price cover on many portals.

Sign: proves identity, tamper-evidentEncrypt: seals the financial bid

Pick the right holder

Individual vs Organisation DSC

An individual DSC is in a person's name; an organisation DSC is in the firm's name with a named authorised signatory. For bidding as a company/firm, most departments expect an organisation Class 3 DSC tied to your authorised signatory. A sole proprietor often bids with an individual DSC — but match whatever the tender and your portal registration require.

Individual: person's nameOrganisation: firm + signatory (needs org proof)

The USB token

A Class 3 DSC must live on a secure hardware crypto token (a small USB device — ePass, ProxKey, etc., FIPS-compliant). The private key is generated on the token and can never be copied off it, which is what makes the signature trustworthy. Practical consequences:

You plug the token in and enter a PIN to sign — keep the PIN safe; too many wrong attempts can lock the token.
You must install the token's driver and the portal's signer utility / Java component on the machine you bid from.
One token can hold your certificate(s); don't share it — it is your legal signature.

How to get a Class 3 DSC, step by step

With Aadhaar OTP eKYC, the certificate can be issued in well under an hour; the physical token is then couriered (or you use a token you already own).

The five steps to obtain a Class 3 DSC — Choose a CA, apply, complete eKYC, pay, and download the certificate to your USB token.

Choose a licensed CA (or partner)eMudhra, (n)Code, Capricorn, SafeScrypt, VSign, Pantasign, IDSign and others are licensed under the CCA. Pick the certificate type: Class 3, combo (sign + encrypt), individual or organisation.

Fill the applicationName, firm, email, mobile, PAN and address; for an organisation DSC, the firm's details and the authorised signatory.

Complete eKYC verificationAadhaar OTP, PAN-based or a short video verification confirms your identity. Aadhaar OTP is the fastest.

PayPay the CA's fee online; organisation DSCs cost a little more (extra document checks).

Download to the USB tokenOnce approved, download the certificate onto your FIPS token using the CA's tool. It's now ready to sign and encrypt bids.

Documents required

For	Typically required
Individual DSC	PAN, Aadhaar (for OTP eKYC), a photo, active email & mobile.
Organisation DSC	The above for the signatory plus the firm's PAN/GST, proof of constitution, and an authorisation letter / board resolution naming the signatory.

Aadhaar-linked mobile mattersOTP-based eKYC sends the code to the mobile number linked to your Aadhaar. If that number is outdated, use video or PAN-based verification instead — otherwise eKYC stalls.

Cost & validity

A Class 3 DSC is sold for a validity of 1, 2 or 3 years (3 years is the usual cap). Pricing varies by CA, validity and whether it's individual or organisation, and whether a fresh USB token is bundled — a 2-year combo with token is commonly in the low four figures. Buying a longer validity saves you the renewal hassle and the risk of an expiry catching you mid-tender.

Renew before it expires — there's no graceAn expired DSC can't be "extended"; you apply afresh. The most avoidable disaster in e-tendering is discovering on submission day that your DSC lapsed. Set a reminder a month ahead, and renew early.

Register (map) your DSC on the portal

Owning a DSC isn't enough — each portal must know it's yours. After you enrol as a bidder, you register / map the DSC to your account once, so the portal can verify your signature at bid time:

Log in to the portal (GeM / CPPP / your state GePNIC site), open your profile, and choose register / update DSC.
Plug in the token, select your signing certificate (and encryption where asked), and confirm with the PIN.
Re-register when you renew or change your DSC — a new certificate won't be recognised until it's mapped again.

If you're new to the portals, our how-to-apply guide and the end-to-end tender process walk through enrolment and where the DSC fits.

Where else your DSC is used

One DSC token used across many government portals — One Class 3 token is reusable across many e-government services — tenders are just the start.

The same Class 3 DSC works far beyond tenders — it's accepted across e-government services: GeM and CPPP/GePNIC e-tendering, MCA / ROC company filings, Income-Tax and GST filings, EPFO, ICEGATE (customs), DGFT, and e-auctions. One certificate, many doors — which is another reason a longer validity is good value.

Got your DSC? Find tenders to bid on

70,000+ live tenders across 30+ portals — filter by sector, state, value and work type, free, no login.

Browse live tenders Open the screener

Common DSC errors & quick fixes

Nearly every "my DSC isn't working" panic is one of these — and most are last-day, last-minute. Pre-empt them.

Symptom	Likely cause & fix
DSC not detected	Token driver not installed, token not plugged in, or the signer utility / Java component missing. Install the token driver + the portal's web-signer and retry.
Certificate not showing / wrong one listed	Multiple certificates on the token, or expired one selected. Pick the valid Class 3 signing certificate.
"DSC not registered" / mismatch	The certificate isn't mapped to this portal account, or you renewed without re-registering. Re-register the DSC in your profile.
DSC expired	No grace period — apply for a fresh one. (Prevent: renew a month early.)
Token locked	Too many wrong PIN entries. Use the token tool to unlock with the admin PIN, or contact the CA.
Browser / Java issues	Use a supported browser and keep the signer utility updated; some portals need the Java component running.
Class 2 rejected	Class 2 is discontinued — get a Class 3 DSC.

Do a dry runDays before the deadline, log in, plug in the token, and confirm the portal lists and accepts your DSC. Five minutes of testing beats a failed submission at 2:59 PM on the last day.

Frequently asked questions

Which DSC is required for e-tendering — Class 2 or Class 3?

A Class 3 DSC. Class 2 was discontinued by the CCA from January 2021 and merged into Class 3, so all e-tendering, GeM and e-auction portals now require a Class 3 Digital Signature Certificate.

Do I need a signing or an encryption DSC for tenders?

Both. You need a signing certificate to sign the bid and an encryption certificate to seal your financial bid, so for e-tendering you buy a Class 3 combo (signing plus encryption) certificate.

How long does it take to get a DSC?

With Aadhaar OTP eKYC a Class 3 DSC can be issued in under an hour after payment; if you need a new USB token couriered, allow a few business days for delivery.

How much does a Class 3 DSC cost?

It varies by Certifying Authority, validity (1–3 years), whether it's individual or organisation, and whether a USB token is bundled. A two-year combo with token is commonly in the low four figures of rupees.

What documents do I need for a DSC?

For an individual DSC: PAN, Aadhaar for OTP eKYC, a photo, and an active email and mobile. For an organisation DSC, also the firm's PAN/GST, proof of constitution, and an authorisation letter or board resolution naming the signatory.

Can I use one DSC on multiple portals?

Yes. One valid Class 3 DSC works across GeM, CPPP and state GePNIC tender portals as well as MCA, Income Tax, GST, EPFO and other e-government services — but you must register (map) it once on each portal account.

My DSC expired — can I renew it?

An expired DSC cannot be extended; you apply for a fresh certificate. Renew at least a few weeks before expiry, because an expired DSC will block bid submission with no grace period.

Why isn't the portal detecting my DSC?

Usually the token driver or the portal's signer/Java component isn't installed, the token isn't plugged in, or the DSC isn't registered to your account. Install the driver and signer utility, plug in the token, select the valid Class 3 signing certificate, and make sure it's mapped in your profile.

Related guides

Getting started

The government tender process, step by step

Getting started

How to apply for government tenders

Benefits

MSME benefits in government tenders

Concept

What is EMD (Earnest Money Deposit)?

Getting started

How to register & sell on GeM

Concept

Types of tenders in India