Skip to main content
Skip table of contents

SignServer Software Appliance 2.9 Release Notes

DECEMBER 2025

We are pleased to announce the release of SignServer Software Appliance 2.9.0.

This release extends the Software Appliance with native Luna USB HSM support, PQC-ready HSM firmware and driver integration for Luna and Entrust, and built-in backup & restore workflows directly inside the UI of the Software Appliance.

Highlights

New version of SignServer Enterprise

SignServer Enterprise has been updated to version 7.5. For more information, see the SignServer Release Notes.

Luna USB HSM support for Software Appliance

This release adds native support for Luna USB Hardware Security Modules in the Software Appliance so that you can recognize, access, and use connected Luna USB HSMs.

PQC-ready HSM firmware and driver integration

This release introduces support for post-quantum–capable HSM firmware and drivers for Luna (Client Software 10.9.0) and Entrust (Security World 13.9.0). You can configure PQC-enabled HSMs for use with EJBCA and related components, ensuring that key and certificate management workflows are compatible with the new algorithms and firmware.

In Appliance backup & restore for Software Appliance

This release enables backup & restore operations directly inside the Software Appliance VM, without relying on external hypervisor tools. This feature requires an NFS backup location (NFS v4.0/v4.1/v4.2). Administrators can trigger on-demand or scheduled backups, perform restores workflows in a guided way. For information on configuring backup locations, retention, restore procedures, see the Software Appliance administration documentation.

Improvements and Corrections

The following lists other improvements and corrections included in the release.

  • Clearer label for audit log protection

    In WebConf, the option is now called “Integrity Protected Security Audit Logs,” making its purpose easier to understand.

  • New defaults for Microsoft SQL Server

    The MSSQL default now sets sendStringParametersAsUnicode=false, improving compatibility and performance for many SQL Server setups. This default is applied only to new external database connections; existing configurations are not changed. You can still remove or override this setting when setting up the external DB connection.

  • Security update for the internal MariaDB database

    The embedded MariaDB has been updated to version 10.6.22, bringing security fixes and stability improvements.

  • Updated Securosys HSM driver

    The Securosys HSM driver has been upgraded from Primus API 2.0.0 to version 2.5.3 (released November 24, 2025), incorporating the latest compatibility improvements and fixes.

  • Redesign HSM Configuration

    Redesigned HSM configuration page to simplify setup and ongoing management, with a clearer layout, improved guidance, and more actionable validation and error feedback.

Upgrade Information

For information on the required steps to update the Software Appliance, see Update Software Appliance.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close