From the FDA ESG website:
"The Food and Drug Administration (FDA) Electronic Submissions Gateway (ESG) is an Agency-wide solution for accepting electronic regulatory submissions. The FDA ESG enables the secure submission of regulatory information for review.
The FDA ESG is the central transmission point for sending information electronically to the FDA. Within that context, the FDA ESG is a conduit along which submissions travel to reach their final destination. It does not open or review submissions; it automatically routes them to the proper FDA Center or Office."
"FDA forms (e.g., 1571, 356h) and documents require a signature. The FDA's General Counsel (GC) has said that the FDA must be able to determine the origin of a submission in order to implement fully electronic submissions. The PKI (x.509 version 3 class I) Certificate employed by the ESG allows the FDA to determine the origin of the submission through the use of a public/private key exchange."
GlobalSign offers the required X.509 V3 Client Digital Certificate, allowing users to electronically submit data to the FDA.
The FDA's Webtrader Account Checklist will help you keep track of your progress and provide additional details on the account setup process.
GlobalSign's PersonalSign products are fully compatible with the FDA ESG.
You must use an e-mail address associated with your business. The e-mail must also contain your name.
You can use SHA-256 Certificates to make FDA submissions.
The FDA supports SHA-256 for both the ESG and for S/MIME (secure/encrypted email purposes). All customers should use SHA-256 Certificates for FDA related use cases. Please note: GlobalSign has deprecated SHA-1 PersonalSign (Client Certificates) on December 2017.
The FDA is in the midst of migrating to a new S/MIME proxy which supports SHA-256. Any newly added users are being added to this new system.
The FDA is allowing those customers with unexpired SHA-1 Certificates to continue to use them. The migration is domain by domain, so if one person from an existing domain which is still on the old S/MIME system wants to upgrade to SHA-256, all users set up for S/MIME from their domain would have to be migrated over at the same time to support that. The FDA is working with those who need to be moved over earlier as well, vs. waiting for their migration phase.
Shared accounts Policy
1. How do I set myself up with a Certificate, so I can access the FDA?
When you’ve completed your checklist, you can start the enrollment process using the following steps:
Step 1: Request a WebTrader test account using this link:
Step 2: Order your PersonalSign Certificate:
Step 3: Download and install your Certificate:
Step 4: Export your public key:
Step 5: Set up a test account:
Step 6: Complete a test submission:
2. How do I reissue my Certificate?
You can reissue your Certificate through your GCC account using the following guide:
3. How do I renew my Certificate?
For steps on how to renew, simply follow the instructions on this guide:
4. I can’t find my pfx file for my Certificate, where do I find it?
If you no longer have a copy of the original Certificate downloaded on your computer, then you will need to reissue the Certificate to receive in a new .pfx file. Please refer to:
5. I’m encountering an error whilst using my PersonalSign Certificate, what does it mean?
Errors can occur when using your PersonalSign Certificate, for more information about why the error may be happening, please consult:
6. How do I encrypt my email with FDA contacts?
For a step-by-step process, please refer to: