SigningHub Enterprise installer create the secure bindings of SigningHub Enterprise Admin and SigningHub Enterprise Desktop Website by importing SSL certificate  signinghub-default-ssl-server-auth.pfx from [SigningHub Installation Directory]\setup\certs directory on completing the installation process.Use these URLs to access the SigningHub Enterprise web sites:


Access URLs

Service

URL Format

 Example

SigningHub Enterprise Admin

https://<machine-name>:PORT

https://localhost:443

SigningHub Enterprise Desktop Web

https://<machine-name>:PORT 

https://localhost:81

SigningHub Enterprise API

https://<machine-name>:PORT

https://localhost:82

SigningHub Enterprise Demo

https://<machine-name>:PORT

https://localhost:85

SigningHub Core

https://<machine-name>:PORT

https://localhost:86

ADSS Signing Server

https://<machine-name>:8774/adss/console

 https://localhost:8774/adss/console

 

Where necessary (i.e. browsing Admin website or ADSS Signing Server Console) your web browser will prompt you to select the appropriate certificate for authentication purposes. Note the installation process places the necessary certificates into the Windows Security Store, Internet Explorer, Edge, Chrome and related browsers that rely on the security store, can use them as such.


If you wish to use Firefox and similar web browsers that utilize their own respective security stores you will need to import adss-default-admin.pfx and signinghub-default-admin.cer from [SigningHub Installation Directory]\setup\certs directory.

There are two options to set secure binding against each SigningHub site:

  1. Using standard IIS web server HTTP redirects.  This means the basic installation is done with various SigningHub sites, where each site has their respective default port/binding but no host name. You can then add new sites for each web site and bind this to the desired external public facing host name and secure port, likely to be 443. Each site can be configured in such a fashion.  Each default SigningHub site can then be configured to permanently redirect to the secure version.
  2. Once the deployment of SigningHub is complete the bindings of each site can be changed to use a secure (443) port.  The new binding will include the appropriate public facing host name.

However, the preferred one is option two.


Once the bindings of IIS web sites have been put in place, access the SigningHub administration console and make changes to the general configuration settings. This means changing the public and private URLs for the Desktop Web and API sites accordingly.  Once done save the changes and Publish them.

Public addresses should also be updated in the following file:

  1. Configure the API public URL in [SigningHub-Installation-Dir]/mobile/web.config file e.g. replace http://machine-name:82/ with the configured mobile URL https://api.signinghub.com/


Please note that for securing the websites you have to follow the Appendix B, C and D of this document.




See also