DSC stuck? Match your symptom to the fix before you escalate

Reviewed on: 2026-06-12.

A Class 3 Digital Signature Certificate from a licensed Certifying Authority (CA) normally issues within one to two working days for Indian nationals once video KYC is done. When it stalls, the cause is almost always one of a handful of things. Find your symptom in this table first, fix the root cause, then contact the CA with your application reference. Class 3 is the only class now issued, legacy Class 1 and Class 2 are gone.

Company directors and LLP partners filing on MCA21 (SPICe+, FiLLiP, AOC-4, MGT-7), GST authorised signatories signing returns or appeals, audit-mandatory income tax filers, GeM vendors and e-tender bidders who need a valid Class 3 DSC, DGFT and ICEGATE filers, and anyone needing to revoke a DSC after a token was lost or a signatory changed.

Before troubleshooting, confirm you bought from a licensed CA. Check the official list at cca.gov.in/licensed_ca.html. Over twenty CAs are licensed, including eMudhra, (n)Code Solutions, Capricorn, Protean, XtraTrust, and Vsign. A DSC from an unlicensed reseller is not valid on government portals, and no amount of escalation fixes that.

• Video KYC. It is the standard verification for fresh and renewal applications. If a session failed, reschedule from the portal. Some CAs run Saturday slots. If your CA offers OTP-based Aadhaar eKYC for individuals, that route is faster and skips the scheduled video.
• Name mismatch. The name must match your PAN exactly. If your PAN says “RAMESH KUMAR SHARMA”, do not write “Ramesh K. Sharma”. Re-upload corrected documents, or call the helpdesk to unlock the application for resubmission.
• Payment not confirmed. If money was debited but the portal shows pending, send the bank transaction screenshot with your application reference to the CA's support team.
• Token or driver issue. If the certificate is issued but undetected, reinstall the token driver and the correct emsigner version for that portal, use a direct USB port, update Java where needed, and add the portal URL to Java's exception list. Tokens lock after several wrong PIN attempts, so do not keep guessing.

Getting the certificate from the CA is only half the job. You must register it on each portal you use:

• Income tax: log in at incometax.gov.in, Profile, Register DSC, run the emsigner, insert the token. The DSC must match the taxpayer's PAN.
• GST: gst.gov.in, My Profile, Register / Update DSC, install the emsigner. The DSC must match the authorised signatory's PAN on that GSTIN.
• MCA21: MCA has its own emsigner, attached during form submission rather than a separate registration.
• GeM and e-tender portals: each has its own signing utility, test it before a live bid.

Renewal is essentially a fresh application with video KYC again and the current fee. Your token may be reusable if compatible. Begin at least 30 days before expiry, because the certificate simply stops working at expiry with no grace. Revocation is for a lost or stolen token or a changed signatory. Revoke immediately, every day of delay is a day someone could misuse your digital identity to sign filings. Log in to the CA portal (or ask the CA to initiate it), select the reason, upload the signed revocation form, and the CA updates the Certificate Revocation List. Apply for a fresh DSC with a new token afterwards.

If self-help does not clear the blockage, write a formal complaint to the CA's grievance officer with your application reference, the deadline at risk, and what you have already tried, asking for resolution within three to five business days.

Subject: Urgent, DSC application stuck, Ref [application reference]

To: The Grievance Officer, [Certifying Authority], [CA email]

Applicant: [name as on PAN]   PAN: [PAN]
Application reference: [number]   Date applied: [date]
Type: Class 3, [Individual / Organisation] Signing
Purpose: [GST / MCA / Income Tax / e-tender / GeM]
Deadline at risk: [date and form / portal]

Current status on your portal: [paste status, screenshot attached]
Issue: [e.g. video KYC completed on [date] but certificate not issued /
revocation request of [date] not processed].
Steps already taken: [ticket numbers, re-uploads, reschedules].

I request resolution within [2 to 3] business days, or a written reason
and an estimated date. Given the deadline of [date], further delay causes
direct harm, and I will escalate to the CCA via CPGRAMS if unresolved.

[Name], [mobile], [email], [PAN / GSTIN / DIN]

If the CA stays silent beyond a few business days, escalate to the Controller of Certifying Authorities (CCA), the regulator under MeitY, through CPGRAMS at pgportal.gov.in (select MeitY), or email the CCA grievance officer. For a financial loss caused by the CA's delay, a District Consumer Disputes Redressal Forum is open, because CAs are service providers under the Consumer Protection Act.

The CCA is a public authority under the RTI Act, so you can ask its CPIO for the service standards licensed CAs must meet, whether a specific CA has been found non-compliant or penalised, any advisory or circular on video KYC, and the action taken on a grievance you already filed with CCA. The CAs themselves are private companies, so RTI does not apply to them, you cannot RTI a CA to process your application or release documents. For a private CA, your routes are its grievance officer, CCA as regulator, the consumer forum, and CPGRAMS. RTI also cannot force any authority to meet your individual deadline, it is an accountability tool, not emergency processing. If CCA ignores your RTI, the first appeal route applies.

• Applying too close to the deadline. Issuance is one to two days, but a failed KYC or document issue extends it. Start at least two weeks before a critical filing.
• Assuming renewal is automatic. It is not. Initiate it, redo video KYC, and download the new certificate before the old one expires.
• Forgetting to register the DSC on each portal. The CA issuing it is not enough, register it separately on income tax, GST, and MCA.
• Using the wrong emsigner version. Each portal distributes its own. The wrong or outdated version causes detection failures even with a valid DSC.
• Not revoking a lost token at once. Revoke first, apply fresh second.

For Indian nationals, one to two working days once video KYC is done and documents are correct. Foreign nationals may take three to seven. Longer delays usually mean a document mismatch, a failed or pending video verification, or a CA backlog.

Yes, under CCA guidelines renewal repeats video KYC and fresh documents. You need not buy a new token if the existing one is compatible. The renewed certificate carries a new validity from issuance.

Reinstall the portal's own emsigner, update Java, disable popup blockers for the portal, and use a direct USB port. Try a different browser. If it still fails, contact the CA's technical support.

Yes. Revocation exists for loss, theft, or key compromise. Log in to the CA portal, select the reason, upload the signed revocation form, and the CA updates the revocation list. Do it immediately to prevent misuse.

The Controller of Certifying Authorities (CCA) under MeitY, under the Information Technology Act, 2000. If your CA does not resolve a grievance, escalate to CCA through its grievance portal or CPGRAMS.

You can RTI the CCA for regulatory standards, a CA's compliance, or action taken on a grievance you filed with CCA. You cannot RTI the private CA itself for your individual application delay.

• Defective income tax return notice: a deadline-driven portal response.
• Defence pension discrepancy: escalating a stalled official process.
• Cyber-police lien after a P2P crypto trade: clearing a freeze that blocks compliance.
• All practical guides | How to file RTI online | First and second appeals

Download the DSC unblock and escalation checklist (PDF).