Tutorials and Guides
Get started with guides and tutorials for trying out and evaluating SignServer and view guides on how to start using code signing.
Get started with SignServer
Get started with a tutorial for trying out and evaluating SignServer.
→ Start SignServer Container with Client Certificate Authenticated Access
Get started with SignServer using Helm
Learn how to deploy SignServer in Kubernetes using our open-source Helm chart.
→ Tutorial - Deploy SignServer using a Helm chart
Try out post-quantum signing
Try out post-quantum signing to experiment and prepare for the transition to quantum-safe algorithms.
Learn how to set up your first post-quantum PKI with EJBCA and sign data using SignServer with the NIST candidate algorithm Dilithium.
→ Tutorial - Create a Post-Quantum PKI using EJBCA
→ Tutorial - SignServer Post-Quantum signing
Get started with container signing
Learn how to use SignServer together with Cosign to create signed container images.
→ SignServer Container Signing with Cosign
Sign Code in GitHub Workflows with GitHub Actions
Learn how to secure your pipeline and build trust in your software supply chain.
→ Tutorial - Sign Code in GitHub Workflows with GitHub Actions and SignServer
Code Signing How-to Guides
How-to guides on setting up SignServer for different code signing use cases.
Code Signing Technical How-to
This technical guide describes the code signing use case and how to start using code signing for signing of executable files, software releases, firmware or other custom formats.
→ Code Signing Technical How-to
Post-Quantum Code Signing How-to
As the time to roll out new Post-Quantum Cryptography (PQC) algorithms gets closer, it is wise to establish a high level of crypto agility in your organization and to try out the new algorithms as final candidate implementations become available from the NIST Post-Quantum Cryptography competition.
This guide demonstrates code signing based on SignServer using the post-quantum SPHINCS+ algorithm through Bouncy Castle and allows you to try out creating post-quantum keys and signatures.
→ Post-Quantum Code Signing How-to
Authenticode Code Signing Technical How-to
A brief guide for the use case SignServer Cloud and Authenticode signing, covering launching SignServer Cloud and trying out code signing using the Microsoft Authenticode digital signature format.
→ Authenticode Code Signing Technical How-to
Jenkins Integration for Automated Code Signing
A guide demonstrating an integration between SignServer and Jenkins for automated code signing in a CI/CD Pipeline. Includes using the SignServer JArchive CMS Signer for JAR signing and running a Jenkins Pipeline building and delivering the app, and using Client Certificate Authentication to authorize Jenkins to sign files in SignServer.
→ How To Integrate Jenkins with SignServer for Automated Code Signing