Support multiple hash algorithms for signatures, MD5, SHA-1, SHA-2.
Compliant with NSA SUITE B algorithms and certificates.
Support for Hardware Security Modules (HSMs). Built in support for Thales/nCipher, SafeNet Luna, SafeNet ProtectServer, Utimaco CryptoServer, AEP Keyper, ARX CoSign and other HSMs with a good PKCS#11 library.
Support for software based keys for lower security requirements or development.
Multiple Signers and Validators, serve all your digital signature needs within one instance of SignServer.
Get your document signer certificate, such as PDF signing certificates, signed by public recognized CAs.
Built in modules for signing PDF, XML, XAdES-BES, XAdES-T, ODF, OOXML, CMS and MRTD.
Generic CMS (PKCS#7) signer signs any document or file with support for detached signatures and client-side hashing.
Simple plug-in API for creating new document signers.
Built in RFC 3161, 5816 compliant Time Stamp Authority (TSA) module:
Configurable time sources.
Built in Authenticode timestamp signer module
Electronic ePassport document signing (MRTD) compliant with ICAO requirements:
LDS version 1.8 support.
Support for limiting the number of signings.
Support for key usage period.
Multiple active logical signers with fail-over when the sign
limit is exceeded or key usage period expires.
Signer suitable of signing ICAO Deviation/Defect Lists.
PDF document processing, including support for:
Different certification levels.
Requesting and embedding timestamp responses.
Requesting and embedding CRLs.
Requesting and embedding OCSP responses.
Validators for signed documents, built in support for XML validation, XAdES-BES, XAdES-T, or make your own validator plug-in.
Configurable access control using HTTP basic authentication, https client certificates, IP address restrictions etc.
Optional archival of signed documents.
Built on the JEE 6 (EJB 3.1) specification.
Flexible, component based architecture.
Java API, Web server (HTTP), Web Services (WS) and command line (CLI) interfaces for integration.
Web service (WS) interface for remote administration and integration.
Automatic signer certificate renewal when used together with EJBCA.
Plug-in functionality allowing you to enhance with your own functionality and work flows.
Simple installation and configuration.
Command line administration for scripts etc.
Administration GUI desktop application for management with support for remote management with strong authentication.
Administration Web interface for management with support for remote management with strong authentication. (Enterprise Edition only).
Transaction logging suitable for statistics and billing.
Audit logging for events related to keys, certificates and time-sources
Easy upgrade paths when new versions are released.
Supports multiple application servers: JBoss AS, WildFly and GlassFish/Payara.
Using standard, high performance RDBMS for storage.
Supports multiple databases: MySQL, MariaDB, Oracle, PostgreSQL, etc.
Support for running without database.
Possible to integrate into large Java applications for optimal integration into business process.
Health check monitoring service to support efficient clustering and monitoring.
Status of workers
Down for maintenance support
Enterprise Edition features
Support and maintenance from PrimeKey, world renowned PKI experts.
Maintenance and security releases.
Administration Web interface.
Integrity protected audit log (log signing), with digital signature or HMAC protection.
Command line tool for verification of audit and database integrity protection.
Large file support.
qcStatements extension support for Qualified Electronic time-stamps according to the EU Regulation No 910/2014 (eIDAS).
SignServer TimeMonitor application and modules for monitoring time synchronization in TSA set-ups.
Authenticode signer for signing Windows executable files and Windows Installers (MSI).
JAR signer for signing Java archives (and Android apps).
ePassport CSCA master list signer compliant with ICAO requirements.
Automatic renewal service.
Signer certificate renewal with outgoing connection from EJBCA to SignServer.
Client-side hashing and construction for Authenticode signatures in SignClient.
Client-side hashing and construction for JAR signatures in SignClient.