Service access E-Signing

E-Signing is accessible through both Internet and an Extranet to In Groupe. A customer test environment is always available as long as you are a customer. At this page you find information about the URLs and IP addresses to the service and how to get your own test and production setup.

Access Endpoints

The different URLs to customer test and production:

Interface	Customer test	Production
TrustSignMessage (Internet)	https://order.sign-preprod1.nets.eu/tsos/XmlGw	https://order.e-sign.nets.eu/tsos/XmlGw
TrustSignMessage (Extranet)	https://order-ext.sign-preprod1.nets.eu/tsos/XmlGw	https://order-ext.sign.nets.eu/tsos/XmlGw
SignWeb	https://www.sign-preprod1.nets.eu/sign	https://www.e-sign.nets.eu/sign
XML distribution	http://91-102-27-1.nets.no	http://dist.ts.bbs.no
E-Signing validator	https://www.sign-preprod1.nets.eu/validator/index.html	https://www.e-sign.nets.eu/validator/index.html

The different IP addresses to the service:

Interface	Internet	Extranet
XML notification (customer test)	91.102.27.1	91.102.26.126
XML notification (production)	91.102.24.153	91.102.26.126
TrustSignMessage (customer test)	91.102.28.53:443	193.161.30.230
TrustSignMessage (production)	91.102.28.89:443	91.102.25.184:443
SignWeb (customer test)	91.102.28.52:443	Internet only
SignWeb (production)	91.102.28.79:443	Internet only

Legacy endpoints

The below production endpoints will stop working after 15th December 2024:

Interface	Production
TrustSignMessage (Internet)	https://order.sign.nets.eu/tsos/XmlGw
SignWeb	https://www.sign.nets.eu/sign
E-Signing validator	https://www.sign.nets.eu/validator/index.html

TLS Security

The communication with E-Signing is secured using HTTPS. The server certificate used is issued under one of the following Root CAs:

DigiCert Global Root CA until 23rd May 2024 (25th April in test):
- https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem
DigiCert Global Root G2 from 23rd May 2024 (25th April in test):
- https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem

Make sure that both these root CAs are trusted in your applications.

E-Signing only supports TLS 1.2 in the communication.

XML notification call back

If XML notification call back shall be used, In Groupe must be provided with the IP address and port (either 80 or 443). Three authentication models are supported:

Basic authentication: In Groupe must be provided with username and password
SSL: Nets must be provided with the root CA certificate
SSL client authentication: In Groupe must be provided with the issuing CA certificate and the client certificate/key store

Nets issued certificate for SDO seal and merchant sign

Nets offers an organisation certificate to our customers to be used for SDO seal and merchant signing. The certificate will be issued by "Nets AS Intermediate CA". Download the CA certificate chain Nets AS Intermediate CA.p7b

Test and production configuration

To use the E-Signing service, a customer needs its own test and production configuration to use the service.

Note: The demo app available in the get started guide will give you access to a common test configuration. This is predefined and can be used to try out the service. It is however recommended to get your own test configuration when you develop and test your own applications.

Test

To setup your test configuration, follow the below steps:

Contact support to request a test access.
Fill out the information requested from In Groupe support and return to the given address. This includes:
1. Info about your organisation.
2. The service(s) to use.
3. URLs to your application(s).
4. The eIDs you will use and some info about specific eID settings.
5. XML notification call back info (if used).
6. If using Standalone UI, logo file (png/gif) 150 pixels wide by 88 high.
Generate a certificate request (*.p10 file) for signing and SSL client authentication and return to the given address. The KeyUtil tool may be used to generate this.
In Groupe support will set up your test configuration and give you the needed credentials (MerchantID and certificate).

To test your application, a set of test users are available here.

Production

To setup your production configuration, follow the below steps:

Contact support to request production access.
Fill out the information requested from IN Groupe support and return to the given address. This includes:
1. Info about your organisation.
2. The service(s) to use.
3. URLs to your application(s).
4. The eIDs you will use and some info about specific eID settings.
5. XML notification call back info (if used).
6. If using Standalone UI, logo file (png/gif) 150 pixels wide by 88 high.
Generate a certificate request (*.p10 file) for signing and SSL client authentication and return to the given address. The KeyUtil tool may be used to generate this.
Dependent on the eIDs available you need to enter into an agreement with the specific eID either through IN Groupe as a partner or directly with the eID.
IN Groupe support will set up your production configuration and give you the needed credentials (MerchantID and certificate).

Incident and change notifications

IN Groupe sends out e-mail and SMS notifications to customers during on-going incidents and e-mail notifications in case of customer affected changes. Customers are added to our notification lists upon customer test and production configuration. To receive e-mail and/or SMS notificiations, send your contact details to our support using the Contact us form.

IN Groupe also sends out monthly SLA reports. If you as a customer wants to receive the report, send your contact details to support using the above form.

Access Endpoints​​

Legacy endpoints​