Prerequisites

Before deploying EJBCA and SignServer to cloud environments, ensure that the following systems and tools are in place:

• Kubernetes v1.32+

  • kubectl

• Helm v3+

• External access management:

  • Ingress NGINX: Follow the Ingress NGINX Controller Installation Guide to set up Ingress NGINX. Enable controller snippets to allow certificate authentication by setting: controller.allowSnippetAnnotations=true in your Helm chart deployment. This setting is disabled by default starting with Ingress NGINX version 1.9.0.

• Supported database (for non-ephemeral instances):

  • MariaDB

  • MySQL

  • PostgreSQL

  • Oracle Database

  • Microsoft SQL Server or Azure SQL

• Hardware Security Module (HSM):
  One of the supported HSMs listed on HSM Integration.

• EJBCA or another Certificate Authority for infrastructure and signer certificates. ​​