Does your Connect or eventNotification application use the Connect X.509 certificates to confirm that the notification messages were sent by DocuSign? If so, your application must be updated to use the renewed certificates by May 16th (Europe) or May 23rd (North America and the rest of the world).

Some background: The DocuSign Connect service uses webhooks to deliver envelope event notifications to subscribers, enabling them to reliably track an envelope’s status throughout its lifetime.  Applications that consume Connect notifications may use X.509 certificates to guarantee that the incoming notification message is authentic in one of two ways:

  • Mutual TLS: the customer’s server (your listener) ensures that the certificate sent by DocuSign is the expected certificate.
  • Digitally signed SOAP messages: the customer’s server verifies the digital signature to confirm that it was signed by DocuSign.

Because these checks are optional, many Connect applications do not use the Connect certificates. If your application does not use Connect certificates, no update is required. Otherwise, if your application uses Connect with either Mutual TLS or digitally signed SOAP messages, then you must update your application to use the new certificates.

Note that, for new applications, DocuSign recommends using the Connect Basic Authentication feature to authenticate and authorize incoming notification messages. This feature is only available for Connect subscriptions created from the NDSE Administration tool that use standard XML notification messages (not SOAP format).

Full information on the certificate renewal is available from DocuSign. You can already test out the renewed certificate (and the new root certificate) on the DocuSign Developer Sandbox / demo platform.

See you in San Francisco!

The DocuSign Momentum 2018 conference schedule and registration are now available. The conference is June 20-21. See you there!

Tags