DocuSign eSignature public certificates

Digital certificates provide higher levels of identity authentication and document transaction security. Digital certificates cryptography uses Public Key Infrastructure (PKI) technology to issue certificates based on X.509 standards to represent the digital identity of a signer. Standard-based signatures is the DocuSign platform for providing a full range of signature capabilities using digital certificates.

To view the technical details of each certificate including but not limited to: Issue date, Expiry date, CN, Issuer, Thumbprint, Signature Algorithm, chaining and other technical metadata, please download and view the respective files below.

DocuSign Express Service

New Service Offerings

The new DocuSign Express email service will be available to customers and “Offered” as of January 10th 2022. The new Express email service certificates will be available in the service for consumption alongside the existing DocuSign Express email service until the “Force” date of March 9th 2022. After the Force date the new certificate will be the only option.  i.e. the current certificate will no longer be available for consumption. The new service documentation and certificate is available below.

New Express Policies

New DocuSign Express email service certificate

Current DocuSign Express Mail Service

PKI documentation

DocuSign Express Certificate Authority

DocuSign External Certificate Authority

DocuSign TSCP Certificate Authority

Root CA For DocuSign Express Mail Service

Connect Certificates

The Connect certificates are used for Mutual TLS and for digitally signed, SOAP-formatted notification messages.

New Connect Certificates Availability & Schedule.

The common names in scope in this new certificate update are:

  • DocuSign Developer Sandbox (Demo): demo.connect.docusign.net
  • DocuSign North American Services (NA1, NA2, NA3, NA4): connect.docusign.net
  • DocuSign European Services (EU): eu.connect.docusign.net
  • DocuSign Australian Services (AU): au.connect.docusign.net
  • DocuSign Canadian Services (CA): ca.connect.docusign.net

The renewed DocuSign Connect x.509 certificates listed below are slated to be introduced into the DocuSign Service in the January 2022 – April 2022 timeframe.

The “Offer” dates specified below are the date the renewed certificate will be available for download on this site and consumption in the DocuSign Connect service alongside the current certificate and the “Force” date is when the renewed certificate will be the only option i.e. the current certificate will no longer be available for consumption.

Notes:

*New certificates will have a maximum protection lifetime of 397 days. Customers should adjust their change schedules to manage updates to this new period.

**Customers leveraging the older certificates after the enforce dates listed above will experience connectivity failures if they do not update their infrastructure updates to use the renewed certificates prior to the 2022 Force dates above.

Current Connect Certificates

The common name for each certificate is:

  • DocuSign Developer Sandbox (Demo): demo.connect.docusign.net
  • DocuSign North American Services (NA1, NA2, NA3, NA4): connect.docusign.net
  • DocuSign European Services (EU): eu.connect.docusign.net
  • DocuSign Australian Services (AU): au.connect.docusign.net
  • DocuSign Canadian Services (CA): ca.connect.docusign.net
  • Intermediate Certificate: SHA2 Secure Server CA
  • Root Certificate: DigiCert Global Root G2 CA

Current Certificates

Security Appliance Certificates

The “Offer” dates specified below are the date the renewed certificate will be available for download on this site and the “Force” date is when the renewed certificate will be the only option i.e. the current certificate will no longer be available for consumption.

DocuSign Client certificate: expires on March 4, 2023. This new certificate is for both Demo and Production. This new certificate will be enforced as the sole certificate on March 31, 2022.

*** Testing the new certificate can start in the client's Demo environment after the offer date.

*** Testing the new certificate can start in the client's Prod environment after March 7, 2022.

Current Security Appliance Certificate

The required Root and Intermediate CA certificates are:

Signed By Certificates

The “Offer” dates specified below are the date the renewed certificate will be available for download on this site and the “Force” date is when the renewed certificate will be the only option i.e. the current certificate will no longer be available for consumption.

Current Signed by Certificate

The required Root and Intermediate CA certificates are:

Intermediate certificate: expires on July 2, 2030
Root certificate: expires on January 15, 2038
DigiCert Root and Intermediate CA is also listed under “Intermediate and Root Certificate Authorities (CA)” section

Entrust Certificates

The current Certificates in Production are as follows:

DocuSign ECA Certificates

DocuSign TSCP Certificates

DocuSign France

 

SSO Certificate

SSO Service Provider certificate is optional for customers. Customers can choose to use it to sign AuthN requests and/or for saml response encryption. Download the 2022 DocuSign SSO Self-Signed Certificate at https://www.docusign.com/file/105805, and learn more about this update at DocuSign SSO Cert Renewal - Action Required.  

 

Network Traffic Certificates

Site Certificates

The “Offer” dates specified below are the date the renewed certificate will be available for download on this site and the “Force” date is when the renewed certificate will be the only option i.e. the current certificate will no longer be available for consumption.

NA1 (www) SSL Certificate (3 KB): expires June 18, 2023. This new certificate will be enforced as the sole certificate on June 22, 2022.
NA2 SSL Certificate (3 KB): expires June 18, 2023. This new certificate will be enforced as the sole certificate on June 22, 2022.

Current Site Certificates

Intermediate and Root Certificate Authorities (CA)for Site Certificates

Current Certificates

Account Server Certificates

The “Offer” dates specified below are the date the renewed certificate will be available for download on this site and the “Force” date is when the renewed certificate will be the only option i.e. the current certificate will no longer be available for consumption.

New Account Server Certificates

  • eu.account.docusign.com (3KB): expires June 3, 2023. This new certificate will be enforced as the sole certificate on June 1, 2022.
  • ca.account.docusign.com (3KB): expires June 3, 2023. This new certificate will be enforced as the sole certificate on June 1, 2022.
  • au.account.docusign.com (3KB): expires June 3, 2023. This new certificate will be enforced as the sole certificate on June 1, 2022.
  • na.account.docusign.com (3KB): expires June 18, 2023. This new certificate will be enforced as the sole certificate on June 22, 2022.

Current Account Server Certificates

DigiCert Root and Intermediate CA is also listed under “Intermediate and Root Certificate Authorities (CA)” section.

Note: a DigiCert High Assurance EV Root CA certificate and new DigiCert SHA2 Extended Validation Server CA intermediate certificate will be required for the current certificates above as well.