
Question


Docusign Connect & Certificates

asked on January 23, 2023

It appears I am stuck with the setup. I've set up Docusign Connector, installed the Docusign app, done the config.xml, using IIS, set up firewall and it looked pretty good to me. But when I try to get Docusign to send something I get some sort of certificate validation error. Can anyone tell me EXACTLY which certificate(s) from Docusign (Canada) I need installed on IIS and which store(s) they go in?

 

PS: It does appear it's the only thing not documented properly because I can't find the correct solution.

Tks.

Jim..

0 0

Replies

replied on January 23, 2023

If I understand the error you are getting, it's DocuSign telling you that the SSL certificate they see does not match the host name that they are sending to. It shouldn't have anything to do with DocuSign certificates. Can you connect to that endpoint from outside your network and confirm that the certificate is valid and matches the url?

0 0
replied on January 24, 2023

This is where the problem arises:

We have to use a PUBLIC IP for our Docusign Connector URL.

The PC running the import is a firewalled computer.

I've allowed the Docusign static IPs through our firewall to that PC only (any port).

Since it is not a public-facing machine (and has no public DNS entry) I have to use a self-signed certificate. But of course doing that created a cert based on the PC name, and if I check the box for 'Require Server Name Indication' I still have to enter a name, not an IP address, as I require on the Docusign end.

 

 

0 0
replied on January 24, 2023

In theory this could be resolved by you sending DocuSign your certificate, and they could add it to their trusted list. I don't believe that they offer this functionality and instead they require that your certificate be signed by one of the standard CAs. As you say, this requires a dns entry, but to be clear that doesn't require that your internal machine have a public IP. Depending on your exact setup, it might be that the entry resolves to your firewall, which forwards the traffic to the internal server. And one thing to look into and decide is where the decryption happens - at the firewall or on the internal server, or potentially both.

0 0
replied on January 25, 2023

Okay, I got a 90-day cert for testing.

Used: https://myserver/DocuSignConnectService/diagnostics/testlogin

for an internal test; now I'm getting a new error about reading/parsing the config.xml.

I've attached 2 files, config and eventlog. I can't see what the error is (config is an xml).

 

Sooo Close

lf-Config.txt (2.01 KB)
0 0
replied on January 25, 2023

Your configuration is incorrect:
- The Laserfiche account and password are missing.
- The port does not need to be 443 but 80.
- No need to use TLS.

If you want to encrypt the password you have a utility located in ..\Program Files\Laserfiche\Web Import Services\DocuSignConnectService\Config\DocuSignConfigEncryptionToggle.exe

Example of a configuration that works:

<LaserficheServer>localhost</LaserficheServer>
<LaserfichePortNumber>80</LaserfichePortNumber>
<LaserficheRepository>Repository</LaserficheRepository>
<LaserficheUserName>Admin</LaserficheUserName>
<LaserfichePassword>xxxxxx</LaserfichePassword>
<LaserfichePasswordEncrypted>false</LaserfichePasswordEncrypted>
<ACSSharedSecretEncrypted xsi:nil="true" />
<UseTLS>false</UseTLS>

 

I hope this can help you

0 0
replied on January 26, 2023

Thanks, we got it working to the point where it needs a license that we were told it didn't; waiting on that to be resolved. As for port 80 or 443, IIS does have a certificate bound for 443, and 80 is still bound of course. Guess I'll play with username etc. once the license is dealt with.

0 0
replied on January 26, 2023

@████████ I will need to implement this same solution very soon for a customer and would love to have more information about the license requirement you mentioned. 

  1. Was it a DocuSign or Laserfiche license adjustment that was required?
  2. In either case, which additional license or license type was required to make this work?


We're currently under the impression that it is included in our customer's current license structure on the Laserfiche side, but I want to be sure that is accurate.

Thank you all for the helpful thread!

0 0
replied on January 26, 2023

Regarding the license, it is to be purchased from the DocuSign side. The DocuSign add-on provided by Laserfiche does not require a license.


To do your tests you can use the DocuSign SandBox which has the same functionalities as the production platform.
https://go.docusign.com/sandbox/productshot/

DocuSign integration with Laserfiche is done either from the Laserfiche client which sends directly to DocuSign or by using the very rich DocuSign API. This last method requires you to develop your own webservice which will be called via a workflow.

In both cases, "DocuSignConnectService" must be installed to receive signed documents and certificates in Laserfiche.

0 0
replied on January 27, 2023

Samir:

We have a DocuSign acct. I received the 'Updated' license (refreshed in lfds) this am from Laserfiche with a 'Docusign Integration'. Using the default admin acct in config.xml, tried: http://mypc/DocuSignConnectService/diagnostics/testlogin and it still says

Not licensed for DocuSign integration. [9179]

Installed on a separate pc from the actual laserfiche server which is supposed to work.

 

 

0 0
replied on January 31, 2023

Make sure that you updated the license for the Laserfiche server and restart the service. That's the one where the DocuSign feature is added to.

0 0
replied on January 31, 2023

Brian: We have a valid certificate installed and can connect from outside our network. (Did the whole DNS etc.)

Robert: We were led to believe it was part of our LF licence but alas we had to purchase (and reboot).

 

Samir: Tried every type of option either in the config.xml or the Docusign Connect settings.

 

Docusign has said it's a TLS issue but I only have TLS 1.2 (client & server enabled) 1.0 & 1.1 disabled.

 

PS: I know it's going to be something stupid like 1 checkbox somewhere!

0 0
replied on February 1, 2023

Problem has been solved: our firewall (SonicWall) had to have its management ports (80, 443) changed to unused ports; even though those ports could only be used inside, it affected the outside network WAN ports. Docusign was seeing the self-signed cert for the firewall, not the legit certificate.

 

2 0
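
The two failures in this thread (a certificate issued to the PC name while the Connect URL uses an IP, and the firewall's self-signed management certificate answering on 443) can be told apart by looking at who issued the certificate and which names it covers. The Python sketch below is an added example, not part of the thread and not Laserfiche or DocuSign code; the host names, the IP `203.0.113.10` and the three sample certificates are constructed, and name matching is simplified to SAN entries only.

```python
import ipaddress
import socket
import ssl

def dns_match(pattern, host):
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    # A wildcard is honoured only as the entire left-most label.
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def diagnose(cert, url_host):
    """Reasons a strict HTTPS client would reject `cert` when calling `url_host`.
    `cert` uses the dict layout returned by ssl.SSLSocket.getpeercert()."""
    problems = []
    if cert.get("subject") == cert.get("issuer"):
        problems.append("self-issued: subject equals issuer")
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(url_host)
    except ValueError:
        ip = None  # url_host is a DNS name, not an IP literal
    if ip is not None:
        ok = any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans)
    else:
        ok = any(k == "DNS" and dns_match(v, url_host) for k, v in sans)
    if not ok:
        problems.append(f"name-mismatch: no SAN entry covers {url_host}")
    return problems

def live_check(host, port=443, timeout=5.0):
    """Run from outside the network: handshake with the system trust store."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return diagnose(tls.getpeercert(), host)
    except ssl.SSLCertVerificationError as exc:
        return [f"rejected: {exc.verify_message}"]

# Constructed sample certificates (hypothetical names, not from the thread).
def make_cert(subject_cn, issuer_cn, *sans):
    return {"subject": ((("commonName", subject_cn),),),
            "issuer": ((("commonName", issuer_cn),),),
            "subjectAltName": tuple(sans)}

PC_SELF_SIGNED = make_cert("LFIMPORT01", "LFIMPORT01", ("DNS", "LFIMPORT01"))
FIREWALL_MGMT = make_cert("fw-mgmt.example", "fw-mgmt.example", ("DNS", "fw-mgmt.example"))
PUBLIC_CA = make_cert("connect.example.com", "Example Public CA", ("DNS", "connect.example.com"))
```

`live_check("<fully qualified name>")` has to be run from a machine outside the firewall; from inside, the request may never pass through the device that answers external callers on 443.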
replied on January 24, 2023

Your server must have an accessible public address https://<fully qualified name>

On IIS you must import a valid SSL certificate with your domain name (be careful, it must not be self-signed).

To test the DocuSign connector
https://<Fully qualified name>/DocuSignConnectService/diagnostics/testlogin

0 0
replied on January 30, 2023

Getting closer, needed to reboot the server (not just service) and can get successful testlogin from inside/outside network.

Docusign still gives us a: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.; The remote certificate is invalid according to the validation procedure.

We do have a legit certificate installed on IIS, so what gives with the Docusign error?

Jim..

0 0
replied on January 30, 2023

In the configuration file ..\Program Files\Laserfiche\Web Import Services\DocuSignConnectService\Config\config.xml

Try to set the option "UseTLS" to false and save:

<LoginInfo>
  <LaserficheServer>localhost</LaserficheServer>
  <LaserfichePortNumber>80</LaserfichePortNumber>
  <LaserficheRepository>Repo</LaserficheRepository>
  <LaserficheUserName>Admin</LaserficheUserName>
  <LaserfichePassword>xxxxx</LaserfichePassword>
  <LaserfichePasswordEncrypted>false</LaserfichePasswordEncrypted>
  <ACSSharedSecretEncrypted xsi:nil="true" />
  <UseTLS>false</UseTLS>
</LoginInfo>

0 0