.png){kind=logo}
Get Started with SignServer
SignServer offers flexible deployment options to help you get started with centralized digital signing for testing, evaluation, and early-stage prototyping, without the need for a full-scale production setup. These approaches provide flexibility in exploring SignServer’s capabilities and validating integrations with your software supply chain, PKI, or application infrastructure.
Here is an overview of the deployment options:
Deployment Option | Use Case | Data Persistence | Tooling | SignServer edition |
|---|---|---|---|---|
Test and integration testing. | Persistent until deleted. Can also be deployed as ephemeral | Deploy with Docker | SignServer Community | |
Production-like environments, platform teams. Enterprise edition provides additional features | Persistent (depends on setup). | Cloud-native deployment. | SignServer Enterprise and SignServer Community | |
PQC certificate issuing and artifact signing | Preconfigured Keyfactor Test Drive available for 30 days. | Preconfigured Keyfactor Test Drive on Azure | SignServer Enterprise | |
Full-featured SignServer Enterprise evaluation | 30-day trial | AWS/Azure Marketplace | SignServer Enterprise |
SignServer Community vs Enterprise Options
Deployment options are provided for both the SignServer Community and SignServer Enterprise editions:
SignServer Community Edition provides a core set of capabilities for evaluation and testing. It is open-source and well-suited for testing, learning, and prototyping, but it is not designed or supported for production use.
SignServer Enterprise Edition is recommended for environments supporting business-critical systems or regulated infrastructure. It offers the security hardening, automation, scalability, and professional support required in production. Some advanced features and deployment methods described in this guide are only available in the Enterprise Edition.
Why Use SignServer during Development and Prototyping
Many development and testing environments rely on local signing tools, ad hoc scripts, or signing keys stored insecurely on developer laptops. While convenient, these approaches create long-term risks around security, scalability, and compliance. Such setups are unsuitable for business-critical systems or regulated environments.
Since digital signatures are essential for code integrity, software supply chain security, and compliance, production environments require a properly managed and supported signing service with strong key protection.
Using a centralized, standards-based signing solution such as SignServer during development helps:
Establish consistent signing policies from the beginning.
Prevent insecure key storage on laptops or local systems.
Simulate production signing workflows early in the software lifecycle.
Reduce integration issues when moving from testing to production.
Ensure readiness for compliance and scalability requirements.
Migration to Enterprise is straightforward, regardless of whether you start with Community or a free trial.
Try SignServer Container deployment options
Run SignServer in Docker
The quickest way to get started is by running SignServer in a containerized environment.
Purpose: Developers and engineers who want a fast, local test setup. Choose to deploy an ephemeral or persistent instance.
What you get: A local SignServer instance running in Docker.
What you need: A client authentication certificate to access the SignServer admin interface. You can issue one using https://docs.keyfactor.com/how-to/latest/quick-start-issue-client-authentication-certificat.
This is useful when testing configuration flows or signing operations. Step-by-step guides and videos are provided, demonstrated with the Community Edition of SignServer, which is readily available via Docker Hub. You can also pull the SignServer Community container from the AWS Marketplace.
Read more: https://docs.keyfactor.com/how-to/latest/quick-start-signserver-container-with-client-certi
Deploy SignServer on Kubernetes
For more production-like environments, you can deploy SignServer in Kubernetes using the official Helm chart.
What you get: A scalable SignServer deployment managed by Kubernetes.
Best for: Platform engineers and DevOps teams evaluating PKI and signing workflows in Kubernetes.
What you need: A client authentication certificate to access the SignServer admin interface. You can issue one using https://docs.keyfactor.com/how-to/latest/quick-start-issue-client-authentication-certificat.
Read more: https://docs.keyfactor.com/how-to/latest/deploy-signserver-using-a-helm-chart
Try EJBCA and SignServer Enterprise with PQC in a Test Drive
Use this option to quickly get to know and evaluate Post-Quantum Cryptography (PQC) capabilities in EJBCA and/or SignServer Enterprise. The PQC Lab Test Drive provides a pre-configured environment that allows you to issue quantum-safe certificates and test PQC signing on arbitrary artifacts without any configuration or installation.
Read more and sign up: PQC Lab Test Drive
Deploy SignServer Enterprise on AWS or Azure (30-day free trial)
SignServer Enterprise is available as a 30-day free trial on both Amazon Web Services (AWS) and Microsoft Azure.
Use this option to evaluate SignServer Enterprise features in a managed cloud environment. If the deployment meets your requirements, you can convert it into a commercial instance without redeploying.
Read more: SignServer Cloud AWS Launch Guide
Next Steps: Configure Your Signing Environment
After completing your initial deployment, the next step is to configure your signing environment to support your testing or evaluation use case. This typically includes:
Explore different signing modules (code, containers, documents, timestamping).
Integrate with CI/CD pipelines and DevOps tools.
Review the SignServer Documentation for advanced configurations and tutorials.
Contact us
Request a live demo with one of our experts — whether you want to explore workflows hands-on or discuss your specific needs.