Obtaining a Digital Certificate
• The digital certificate must be an X.509 version 3 certificate.
• All data in the Issuer and Subject fields must be completed.
• The certificate must be valid for at least one year and no more than three years. The FDA recommends certificates that are valid for three years.
• A Class 1 Personal Identification certificate (also known as a Secure Email certificate) is the minimum requirement for a digital certificate for use with the FDA Electronic Submissions Gateway (ESG).
• The FDA supports Public Key Infrastructure (PKI) for securely trading submissions. You can establish your own PKI or outsource it to a third-party certificate authority (CA).
• Before you set up your gateway account and register as a transaction partner for the FDA ESG, send a letter of non-repudiation to authenticate your digital identity.
• For additional requirements, see the “Digital Certificates” and “Letters of Non-Repudiation Agreement” sections of the ESG website at
http://www.fda.gov/esg.