Installation Prerequisites

OpenJDK 21

Note: Only tested together with WildFly 38.

⚠️ Please be aware of the following limitations when using SignServer with Java 21:

• Legacy XAdES: Not supported on Java 21. Use Java 17 or migrate to the modern AdES Signer.

• PKCS11CryptoToken Key Deletion: Due to a Java 21 bug, deleting keys may fail to remove all objects in the HSM when multiple certificates share the same Issuer DN. Consider using P11NG CryptoToken or use Java 17.

• The PKCS11CryptoToken does not work on Java 21 unless the Java process that runs the application server is passed the JAVA_OPTS parameter "--add-exports=jdk.crypto.cryptoki/sun.security.pkcs11.wrapper=ALL-UNNAMED". See Troubleshooting in the main SignServer documentation.

OpenJDK 17

Note: The PKCS11CryptoToken does not work on Java 17 unless the Java process that runs the application server is passed the JAVA_OPTS parameter "--add-exports=jdk.crypto.cryptoki/sun.security.pkcs11.wrapper=ALL-UNNAMED". See Troubleshooting in the main SignServer documentation.

WildFly 38

Recommended. For instructions on how to set up your application server, see Application Server Setup.

WildFly 35

For instructions on how to set up your application server, see Application Server Setup.

WildFly 32

For instructions on how to set up your application server, see Application Server Setup.

JBoss EAP 8

For instructions on how to set up your application server, see Application Server Setup.

MariaDB 5.5/10

Recommended.

MySQL 5.5

PostgreSQL 10

Oracle Database 24

Microsoft SQL Server

NoDB

You can choose to install SignServer without a database management system and instead rely on SignServer to manage persistence using local files, see SignServer without Database.

Apache Ant 1.9.1 or later

Apache Maven 3.2.5 or later

Only required when building SignServer from source.

Note: Building is currently only supported using OpenJDK 17.

UTF-8

This makes sure the file name is properly sent back from SignServer even with special characters.