SigningHub Enterprise installer create the secure bindings of SigningHub Enterprise Admin and SigningHub Enterprise Desktop Website by importing SSL certificate  signinghub-default-ssl-server-auth.pfx from [SigningHub Installation Directory]\setup\certs directory on completing the installation process.Use these URLs to access the SigningHub Enterprise web sites:


Access URLs

Service

URL Format

 Example

SigningHub Enterprise Admin

https://<machine-name>:PORT

https://localhost:443

SigningHub Enterprise Desktop Web

https://<machine-name>:PORT 

https://localhost:81

SigningHub Enterprise API

https://<machine-name>:PORT

https://localhost:82

SigningHub Mobile Web

https://<machine-name>:PORT

https://localhost:83

SigningHub Enterprise Demo

https://<machine-name>:PORT

https://localhost:85

SigningHub Core

https://<machine-name>:PORT

https://localhost:86

ADSS Signing Server

https://<machine-name>:8774/adss/console

 https://localhost:8774/adss/console

 

Where necessary (i.e. browsing Admin website or ADSS Signing Server Console) your web browser will prompt you to select the appropriate certificate for authentication purposes. Note the installation process places the necessary certificates into the Windows Security Store, Internet Explorer, Edge, Chrome and related browsers that rely on the security store, can use them as such.


If you wish to use Firefox and similar web browsers that utilize their own respective security stores you will need to import adss-default-admin.pfx and signinghub-default-admin.cer from [SigningHub Installation Directory]\setup\certs directory.

 

When SigningHub Mobile Web is installed as part of SigningHub installation, the installer adds the redirection URLs for Mobile Web e.g. http://machine-name:83/ in [SigningHub-Installation-Dir]/web/web.config file under rewrite element. This is enough if the SigningHub Mobile Web needs to be accessed only within the organization's internal network.

If the SigningHub Mobile Web needs to be publicly accessible, then it is required to manually update these redirection URLs in the web.config file so that interactive version of SigningHub Mobile Web is launched when accessed from a mobile device e.g. replace all http://machine-name:83/ with the configured mobile URL https://mobile.signinghub.com/


There are two options to set secure binding against each SigningHub site:

  1. Using standard IIS web server HTTP redirects.  This means the basic installation is done with various SigningHub sites, where each site has their respective default port/binding but no host name. You can then add new sites for each web site and bind this to the desired external public facing host name and secure port, likely to be 443. Each site can be configured in such a fashion.  Each default SigningHub site can then be configured to permanently redirect to the secure version.
  2. Once the deployment of SigningHub is complete the bindings of each site can be changed to use a secure (443) port.  The new binding will include the appropriate public facing host name.

However, the preferred one is option two.


Once the bindings of IIS web sites have been put in place, access the SigningHub administration console and make changes to the general configuration settings. This means changing the public and private URLs for the Desktop Web and API sites accordingly.  Once done save the changes and Publish them.

Public addresses should also be updated in the following files:

  1. Configure the Mobile Web public URL in [SigningHub-Installation-Dir]/web/web.config file e.g. replace http://machine-name:83/ with the configured mobile URL https://mobile.signinghub.com/
  2. Configure the API public URL in [SigningHub-Installation-Dir]/mobile/web.config file e.g. replace http://machine-name:82/ with the configured mobile URL https://api.signinghub.com/


Please note that for securing the websites you have to follow the Appendix B, C and D of this document.