You may notice when on DocuSign’s website that a green padlock sits in front of the URL at the top of your browser. This is a visual cue that our website is secure thanks to SSL certificates, and it’s one that savvy consumers look for when doing business online.

SSL certificates play an important role at DocuSign, and they should be a part of your data privacy efforts too. Find out more about what they are, what they do, and how you can obtain them, with our SSL FAQs, below.

What is an SSL Certificate?

SSL stands for Secure Sockets Layer, and SSL certificates are also known as digital certificates. An SSL certificate creates a secure link between a website and a visitor’s browser. It ensures that all data passed between the two remains private and secure.

There are three types of SSL certificate: Extended Validation (EV SSL), Organisation Validated (OV SSL) and Domain Validated (DV SSL). There are also what is known as wildcard certificates, used to extend SSL encryption to subdomains.

Why do companies need an SSL Certificate?

SSL certificates establish trust between you and your customer. To obtain an SSL Certificate, the purchasing company’s identity must be authenticated. With this safeguard in place, customers know that your business is not only legitimate but that it’s safe to do business with you online.

If you want to accept credit card information on your website, for example, then you will need to comply with Payment Card Industry (PCI) standards. One of the PCI requirements is using an SSL certificate.

SSL certificates also help to prevent you and your customers from suffering a phishing attack. Phishing emails aim to impersonate your website for criminal gain. As the sender cannot receive their own SSL certificate, it makes it far more difficult for them to impersonate your website and easier for them to be caught out.

As a result of SSL encryption, hackers and identity thieves are prevented from stealing private and sensitive information such as addresses, social media logins and credit card numbers. Only the intended recipient will be able to understand the information being sent.

What should I look for in an SSL certificate provider?

The cost of a solution can often be a deciding factor when choosing any tech solution, but when the security of your data it at risk, you shouldn’t necessarily go with the cheapest option. With that in mind, these are the top factors to consider over price alone:

  • Compatibility: The provider should have a high trust pedigree in as many commonly used operating systems, web browsers, apps and devices as possible.
  • Scalability: The provider should also be able to handle volumes that grow with your company, as you may end up needing thousands of certificates per second to be issued.
  • Flexibility: The leading providers offer flexible purchasing terms. Pay-as-you-go, for example, allows you to order certificates  when you see fit, regardless of amount. Bulk balance models also allow you to load money into your account.
  • Platform: Your solution needs to be easy to use, support a variety of workflows and has a dynamic portal.
  • Support: It’s important to evaluate the services and support offerings available to help you succeed. Is an account manager on-hand, online support offered, communities to ask questions, and educational resources enabling you to self-serve?

Where can I find DocuSign’s certificates?

DocuSign’s digital certificates provide higher levels of identity authentication and document transaction security. Digital certificates cryptography uses Public Key Infrastructure (PKI) technology to issue certificates based on X.509 standards to represent the digital identity of a signer.

The latest SSL certificate is always available for download from the DocuSign Trust Site.

Do I need to update my DocuSign SSL certificate?

If you do not have a custom SSL integration then no action is needed. DocuSign’s SSL (secure sockets layer) certificate used for our DEMO, NA1, NA2, NA3 and EU environments occasionally expires (every 2 years). When the SSL certificate is set to expire a new SSL certificate will be used.

That means If you have custom API, Connect, or any other system integration that depends on DocuSign’s SSL certificate then contact your IT department’s network administrator to update the certificate to ensure seamless functionality.