Customers who use the DocuSign Connect feature
must use the HTTPS protocol
when receiving notifications from DocuSign.
The upgrade must be completed by May 1, 2018 or your
custom Connect application will no longer work.
This page tells you what you need to do
to make sure that your Connect applications
continue to work correctly
after May 1, 2018.
Who is affected?
This process applies only if
you use Connect in your application,
and one of the following is true:
- You use the HTTP protocol in the URL in your Connect
- You use envelope-specific Connect notifications,
via the Envelopes::create
and you use the HTTP protocol.
Step 1. Update your server to accept HTTPS requests
Each of your servers that receive notification
messages from DocuSign Connect must use HTTPS.
Acceptable SSL/TLS certificates
DocuSign requires that your server’s SSL/TLS certificate
meet the following requirements:
- The certificate must chain to
a certificate authority (CA) in the
Microsoft Trusted Root Certificate Program.
You can use a free certificate from the Let’s Encrypt project
or any low-cost certificate from a CA on the Microsoft list.
- The certificate must not be a self-signed certificate.
Your certificate does not need to provide Extended Validation.
Adding SSL/TLS to your server
This process is server- and software-specific.
Consult the documentation for your web server software
for details on enabling HTTPS.
Your IT department may also be able to help.
Testing your server
If your server includes a web page available through a GET operation,
then simply use a web browser to open the page
on your server.
Check that the SSL/TLS indicator in your browser is green,
with no cautions or warnings.
Step 2. Update your Connect custom configurations to use an HTTPS URL
- Log into DocuSign with Administrator privileges.
Use the Goto Admin link near your picture to open the
- In the Admin Tool, click Connect in the Integrations
section of the navigation column.
- The Admin tool will display a list of your account’s
In the screenshot below, the Basic Auth listener and OK listener
configurations are custom configurations that may need to be
- For each configuration, click Edit in the Action menu,
or double-click its row to open it for editing.
- Check the URL to Publish field in each configuration,
and edit it to start with HTTPS instead of HTTP.
Step 3. Update API applications that use envelope-specific Connect
Signature API programs (SOAP or REST) can create and send
envelopes. An optional parameter, eventNotification, can
be used to create an envelope-specific Connect subscription for
just that envelope.
If your applications use the eventNotification parameter,
you must make sure that it uses an HTTPS URL.
Updating your application is application-dependent. It is
common for URLs to be stored in a configuration file
for the application.
If you’re not sure whether your application creates envelope-level
Connect subscriptions, you can test your application:
Using the System Updates panel (see below), you can temporarily
require HTTPS for all Connect applications in your account.
If your application continues to work properly,
you do not need to make changes.
If you see error messages in the Connect Failures page,
you will need to update the URL to use HTTPS.
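An offline way to find the same problem before it reaches the Connect Failures page is to audit the request bodies your application sends. The script below is an added example, not DocuSign code: it assumes the listener address is carried in a `url` field inside `eventNotification`, and the sample body and host name are constructed. Its `tls_problem` helper verifies against the local trust store, which only approximates the Microsoft list, and needs network access.

```python
import json
import socket
import ssl
from urllib.parse import urlsplit

# Constructed sample request body; the host name is a placeholder.
SAMPLE_BODY = """{"emailSubject": "Please sign",
 "eventNotification": {"url": "http://listener.example.com/connect",
                       "loggingEnabled": "true"}}"""

def url_problem(url):
    """Return why a listener URL fails an HTTPS-only rule, or None if it passes."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        return f"scheme is {parts.scheme or 'missing'!r}, not https"
    if not parts.hostname:
        return "no host name"
    return None

def find_urls(node, path="$"):
    """Yield (json_path, url) for each eventNotification.url (assumed field name)."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "eventNotification" and isinstance(value, dict) and "url" in value:
                yield f"{path}.{key}.url", str(value["url"])
            yield from find_urls(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from find_urls(item, f"{path}[{index}]")

def audit_request_body(body_text):
    """List (json_path, url, problem) for every listener URL that would fail."""
    found = find_urls(json.loads(body_text))
    return [(p, u, url_problem(u)) for p, u in found if url_problem(u)]

def tls_problem(url, timeout=5.0):
    """Handshake with the listener; verify chain and host name (needs network)."""
    parts = urlsplit(url)
    context = ssl.create_default_context()  # local trust store, not Microsoft's list
    try:
        with socket.create_connection((parts.hostname, parts.port or 443), timeout) as raw:
            with context.wrap_socket(raw, server_hostname=parts.hostname):
                return None
    except ssl.SSLCertVerificationError as exc:
        return f"certificate rejected: {exc.verify_message}"
    except OSError as exc:
        return f"connection failed: {exc}"

if __name__ == "__main__":
    for finding in audit_request_body(SAMPLE_BODY):
        print(finding)
```

Run `tls_problem` against each URL that passes the scheme check; a self-signed or untrusted certificate is reported as a rejected certificate.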
Step 4. Activating and testing HTTPS-only for your account
This is the final step for updating
your application to use only HTTPS.
This step can also be used as a test: update your account to
HTTPS-only mode, and then check that all of your applications
continue to work properly with no error messages on the
Connect Failure page.
If either your account-level or envelope-specific
Connect subscriptions use an HTTP URL, you will
see a failure message in the Connect Failures log.
You will get an error message
if you try to enter an HTTP URL in a
Connect configuration (subscription)
through the Admin Tool.
Error notifications from API methods
If you call Envelopes::create with
eventNotification with an
HTTP URL, the method call will succeed.
However, when Connect attempts to send the notification
message, it will fail, and an error message will be posted to
the Connect Failure log.
Calling ConnectConfigurations::create with an HTTP URL
returns an error.
Activating HTTPS-only for your account
- If you logged out of the Admin tool,
log into DocuSign with Administrator privileges.
Use the Goto Admin link near your picture to open the
Click System Updates in the Account section
of the navigation column.
- Activate HTTPS-only mode by using the Actions menu
in the row that says Only HTTPS.
You can deactivate HTTPS-only mode until the
Auto-Activation date for your account.
After that date, HTTPS-only mode will be
Frequently Asked Questions
Q. Why is DocuSign requiring HTTPS for Connect servers?
A. DocuSign Connect is used to transmit sensitive data
about your envelopes across the Internet. As part of
DocuSign’s focus on security, we are upgrading all
notifications to use HTTPS only.
Q. My account’s System Update panel shows that HTTPS only
is already active, and I can’t deactivate it. Why?
A. Many accounts which were not using HTTP Connect URLs
in the past have already been upgraded to HTTPS only mode.
Q. I’m not sure that I will be able to update my
organization’s servers to HTTPS by May 1. How
solid is that deadline?
A. Very solid. Upgrading servers to support HTTPS is a well-understood
process. DocuSign is focused on having all of its
Connect customers upgraded by May 1, 2018.
DocuSign first announced its plan to update all Connect notifications
to HTTPS on March 3rd, 2017.
Q. Why can’t I use a self-signed certificate? Commercial
certificates are expensive.
A. DocuSign verifies the trust path of Connect server
certificates. This process will only complete if
your server’s certificate chains to a CA in the
Microsoft list of trusted CAs.
You can get a free certificate from
the Let’s Encrypt project.
commercial certificates are available for $10 per year.
Q. I have more questions. Whom can I ask?
A. Contact DocuSign customer support if you have more