The following guides describe code signing use cases and how to setup SignServer for code signing.
Note that these how-to guides assume some product knowledge and may not cover all topics in-depth but instead link to details in the product documentation.
Code Signing Technical How-to
This technical guide describes the code signing use case and how to start using code signing for signing of executable files, software releases, firmware or other custom formats.
→ Code Signing Technical How-to
Authenticode Code Signing Technical How-to
A brief guide for the use case SignServer Cloud and Authenticode signing, covering launching SignServer Cloud and trying out code signing using the Microsoft Authenticode digital signature format.
→ Authenticode Code Signing Technical How-to
For more information on all the various code signing capabilities of SignServer, see the Code Signing Technical How-to.
Jenkins Integration for Automated Code Signing
A guide demonstrating an integration between SignServer and Jenkins for automated code signing in a CI/CD Pipeline. Includes using the SignServer JArchive CMS Signer for JAR signing and running a Jenkins Pipeline building and delivering the app, and using Client Certificate Authentication to authorize Jenkins to sign files in SignServer.
→ How To Integrate Jenkins with SignServer for Automated Code Signing
Post-quantum Code Signing How-to
As the time to roll out new Post-Quantum Cryptography (PQC) algorithms gets closer, it is wise to establish a high level of crypto agility in your organization and to try out the new algorithms as final candidate implementations become available from the NIST Post-Quantum Cryptography competition.
This guide demonstrates code signing based on SignServer using the post-quantum SPHINCS+ algorithm through Bouncy Castle and allows you to try out creating post-quantum keys and signatures.
→ Post-quantum Code Signing How-to