DocuSign eSignature public certificates

Digital certificates provide higher levels of identity authentication and document transaction security. Digital certificates cryptography uses Public Key Infrastructure (PKI) technology to issue certificates based on X.509 standards to represent the digital identity of a signer. Standard-based signatures is the DocuSign platform for providing a full range of signature capabilities using digital certificates.

 

PKI documentation

  • DocuSign Express Certificate Authority
  • DocuSign External Certificate Authority
  • DocuSign TSCP Certificate Authority

 

Site Certificates

    New Certificates 

    The NA1 and NA2 SSL certificates expire on June 22, 2021. The new certificates will be released, deployed and applied to the DocuSign service end-points on the following dates:

  • The new certificates will be issued and be available for download on May 24, 2021
  • The new certificates will be applied on Wednesday June 16, 2021, 3PM PT

 

 

Intermediate and Root Certificate Authorities (CA) for Site Certificates 

Current Certificates

 

SSO Certificates

Current 

**Note: The Intermediate and Root certificates related to the new SSO certificate are as follows:

 

Connect Certificates

The Connect certificates are used for Mutual TLS and for digitally signed, SOAP-formatted notification messages.

New Connect Certificates Availability & Schedule.

The common names in scope in this new certificate update are:

  • DocuSign Developer Sandbox (Demo): demo.connect.docusign.net
  • DocuSign North American Services (NA1, NA2, NA3, NA4): connect.docusign.net
  • DocuSign European Services (EU): eu.connect.docusign.net
  • DocuSign Australian Services (AU): au.connect.docusign.net
  • DocuSign Canadian Services (CA): ca.connect.docusign.net

The renewed DocuSign Connect x.509 certificates listed below are slated to be introduced into the DocuSign Service in the March 2021 – June 2021 timeframe.

The “Offer” dates specified below is the date the renewed certificate will be available for consumption in the DocuSign Connect service alongside the current certificate and the “Force” date is when the renewed certificate will be the only option i.e. the current certificate will no longer be available for consumption

  • DEMO environment Connect X.509 (3KB): current as of March 7 2021, expires on March 16, 2022 is now available for download. The DEMO certificate will be offered on March 24th 2021. This new certificate will be enforced as the sole connect certificate on April 21 2021.
  • NA1, NA2, NA3 and NA4 X.509 (3KB): current as of April 19, 2021 , expires April 25, 2022 is now available for download. The NA certificate will be offered on May 5th 2021. This new certificate will be enforced as the sole connect certification June 2 2021.
  • EU environment X509 (3KB): current as of March 22 2021, expires March 28 2022 is now available for download. The EU certificate will be Offered on April 21 2021. This new certificate will be enforced as the sole connect certificate on May 19 2021.
  • AU environment Connect X.509 (3KB): current as of March 22 2021, expires March 28 2022, is now available for download. The AU certificate will be Offered in the system April 7 2021. This new certificate will be enforced as the sole connect certification May 5 2021.
  • CA environment Connect X.509 (3KB): current as of March 22 2021, expires March 28 2022, is now available for download. The CA certificate will be offered on April 14 2021. This new certificate will be enforced as the sole connect certification May 12 2021.
  • New Intermediate certificate: expires on September 23, 2030 (Thumbprint:1d7322b41ed99fdd68511bab786c8e26e0831b3b) 
  • New Root certificate: expires on January 15, 2038 (Thumbprint: df3c24f9bfd666761b268073fe06d1cc8d4f82a4)

Notes:

*New certificates will have a maximum protection lifetime of 397 days vs. 2 years in the past. Customers should adjust their change schedules to manage updates to this new period.  
**Customers leveraging the older certificates after the enforce dates listed above will experience connectivity failures if they do not infrastructure move to using the renewed certificate.

 

  • Current Connect Certificates
  • The common name for each certificate is:
    • DocuSign Developer Sandbox (Demo): demo.connect.docusign.net
    • DocuSign North American Services (NA1, NA2, NA3, NA4): connect.docusign.net
    • DocuSign European Services (EU): eu.connect.docusign.net
    • DocuSign Australian Services (AU): au.connect.docusign.net
    • DocuSign Canadian Services (CA): ca.connect.docusign.net
    • Intermediate Certificate: SHA2 Secure Server CA
    • Root Certificate: DigiCert Global Root G2 CA

 

Security Appliance Certificates​

  • Current Security Appliance Certificate
  • Current DocuSign Client certificate: the current certificate for DocuSign Security Appliance client validation, expires on April 4, 2022
  •  
  • The required Root and Intermediate CA certificates are:
  • Intermediate certificate: expires on July 2, 2030
  • Root certificate: expires on January 15, 2038
  • DigiCert Root and Intermediate CA is also listed under “Intermediate and Root Certificate Authorities (CA)” section.
  •  

Account Server Certificates

 

New Account Server Certificate Availability and Force Schedule: 

The new  account server SSL certificates listed below are slated to be issued introduced into the DocuSign Service between May 2021 - June 2021.

The new  account server SSL certificates listed below are slated to be introduced into the DocuSign Service between May 26 2021 - June 2, 2021. The "enforced" date and time below is the date when the new account server SSL certificates will be active for the DocuSign Service and be the “only” option for the account; i.e. the "current" account server SSL certificate will no longer be available after the “enforced” date below.

  • eu.account.docusign.com (3KB): the new EU account server SSL certificate, expires June 3 2022. This certificate will be enforced on Wednesday May 26 2021 3 PM PT  
  • ca.account.docusign.com (3KB): the new CA account server SSL certificate, expires June 3 2022. This certificate will be enforced on Wednesday May 26 2021 3 PM PT
  • au.account.docusign.com (3KB): the new AU account server SSL certificate, expires June 3 2022. This certificate will be enforced on Wednesday May 26 2021 3 PM PT
  • na.account.docusign.com – Will be available on Wednesday May  24 2021. This certificate will be enforced on Wednesday June 23 3PM PT

Note: a new DigiCert High Assurance EV Root CA certificate and new DigiCert SHA2 Extended Validation Server CA intermediate certificate will be required as well. 

   

  • Current Account Server Certificates

na.account.docusign.com (3KB): the new NA account server SSL certificate, expires June 29 2021

eu.account.docusign.com (3KB): the new EU account server SSL certificate, expires June 7 2021

ca.account.docusign.com (3KB): the new CA account server SSL certificate, expires June 7 2021

au.account.docusign.com (3KB): the new AU account server SSL certificate, expires June 7 2021​

account-d.docusign.com (2.6 KB): the current demo account server SSL certificate, expires on March 3, 2022

account.docusign.com (2.6 KB): the current account server SSL certificate, expires on March 26, 2022

  • DigiCert Root and Intermediate CA is also listed under “Intermediate and Root Certificate Authorities (CA)” section.

 

Signed By Certificates

Current Signed by Certificate

  • Signed by certificate (2.5 KB): the current Signed by certificate, expires on March 28, 2022
  •  
  • The required Root and Intermediate CA certificates are:

  • Intermediate certificate: expires on July 2, 2030

  • Root certificate: expires on January 15, 2038
  • DigiCert Root and Intermediate CA is also listed under “Intermediate and Root Certificate Authorities (CA)” section

 

Entrust Certificates

The current Certificates in Production are as follows: 

 

DocuSign ECA Certificates

 

DocuSign TSCP Certificates

 

DocuSign France