.png){kind=logo}
Get Started with SignServer
SignServer offers flexible deployment options to help you get started with centralized digital signing for testing, evaluation, and early-stage prototyping, without the need for a full-scale production setup. These approaches provide flexibility in exploring SignServer’s capabilities and validating integrations with your software supply chain, PKI, or application infrastructure.
This guide outlines several deployment options, including:
Docker containers for fast evaluation and proof-of-concept.
Cloud-native setups in Kubernetes using the SignServer Community Helm chart.
SignServer Enterprise 30-day free trial in an AWS or Azure managed cloud environment.
Here is an overview of the deployment options:
Deployment Option | Description | Best for | Data Persistence | SignServer edition |
|---|---|---|---|---|
Persistent local instance | Deploy with Docker | Test and integration testing. | Persistent until deleted. Can also be deployed as ephemeral | SignServer Community |
Helm charts on Kubernetes | Cloud-native deployment. | Production-like environments, platform teams. Enterprise edition provides additional features. | Persistent (depends on setup). | SignServer Enterprise and SignServer Community |
Cloud Trial AWS/Azure Marketplace | Full-featured EJBCA Enterprise evaluation for 30 days | Testing SignServer Enterprise features | Temporary (30 days). | SignServer Enterprise |
SignServer Community vs Enterprise Options
Deployment options are provided for both the SignServer Community and SignServer Enterprise editions:
SignServer Community Edition provides a core set of capabilities for evaluation and testing. It is open-source and well-suited for testing, learning, and prototyping, but it is not designed or supported for production use.
SignServer Enterprise Edition is recommended for environments supporting business-critical systems or regulated infrastructure. It offers the security hardening, automation, scalability, and professional support required in production. Some advanced features and deployment methods described in this guide are only available in the Enterprise Edition.
Why Use SignServer during Development and Prototyping
Many development and testing environments rely on local signing tools, ad hoc scripts, or signing keys stored insecurely on developer laptops. While convenient, these approaches create long-term risks around security, scalability, and compliance. Such setups are unsuitable for business-critical systems or regulated environments.
Since digital signatures are essential for code integrity, software supply chain security, and compliance, production environments require a properly managed and supported signing service with strong key protection.
Using a centralized, standards-based signing solution such as SignServer during development helps:
Establish consistent signing policies from the beginning.
Prevent insecure key storage on laptops or local systems.
Simulate production signing workflows early in the software lifecycle.
Reduce integration issues when moving from testing to production.
Ensure readiness for compliance and scalability requirements.
Migration to Enterprise is straightforward, regardless of whether you start with Community or a free trial.
Try SignServer Container deployment options
Run SignServer in Docker
The quickest way to get started is by running SignServer in a containerized environment.
Purpose: Developers and engineers who want a fast, local test setup. Choose to deploy an ephemeral or persistent instance.
What you get: A local SignServer instance running in Docker.
What you need: A client authentication certificate to access the SignServer admin interface. You can issue one using EJBCA Quick Start Guide – Issue Client Authentication Certificate.
This is useful when testing configuration flows or signing operations. Step-by-step guides and videos are provided, demonstrated with the Community Edition of SignServer, which is readily available via Docker Hub. You can also pull the SignServer Community container from the AWS Marketplace.
Deploy SignServer on Kubernetes
For more production-like environments, you can deploy SignServer in Kubernetes using the official Helm chart.
What you get: A scalable SignServer deployment managed by Kubernetes.
Best for: Platform engineers and DevOps teams evaluating PKI and signing workflows in Kubernetes.
What you need: A client authentication certificate to access the SignServer admin interface. You can issue one using EJBCA Quick Start Guide – Issue Client Authentication Certificate.
Deploy SignServer Enterprise on AWS or Azure (30-day free trial)
SignServer Enterprise is available as a 30-day free trial on both Amazon Web Services (AWS) and Microsoft Azure.
Use this option to evaluate SignServer Enterprise features in a managed cloud environment. If the deployment meets your requirements, you can convert it into a commercial instance without redeploying.
Next Steps: Configure Your Signing Environment
After completing your initial deployment, the next step is to configure your signing environment to support your testing or evaluation use case. This typically includes:
Explore different signing modules (code, containers, documents, timestamping).
Integrate with CI/CD pipelines and DevOps tools.
Review the SignServer Documentation for advanced configurations and tutorials.
Related Content
Hands-on Guides
Quick Start Guide - Start SignServer Container with Client Certificate Authenticated Access
EJBCA Quick Start Guide – Issue Client Authentication Certificate.
Contact us
Request a live demo with one of our experts — whether you want to explore workflows hands-on or discuss your specific needs.