MAY 2022

The SignServer team is pleased to announce the release of SignServer 5.9.1.

This release includes improvements for the integration with AWS CloudHSM. The release also brings new versions of OpenPDF and Bouncy Castle and other minor improvements and corrections.

Deployment options include SignServer Hardware Appliance and SignServer Cloud.


AWS CloudHSM Improvements

The P11NG crypto token is now flexible enough to be used with SignServer for integration with AWS CloudHSM. A new setting on a worker or the crypto token controls whether a certificate object is generated when a key pair is generated. For integration with AWS CloudHSM, the worker or crypto token must be configured not to generate certificate objects, using the P11NGCryptoToken property GENERATE_CERTIFICATE_OBJECT. A similar option is also available in the p11-ng tool (the nocertificateobject flag).

Further improvements to the Android (APK) signers in this release make them work fully without certificates in the token, and thus function with AWS CloudHSM.

Bouncy Castle Upgraded to Latest Version

Bouncy Castle is upgraded to version 1.71.

OpenPDF Upgraded to Latest Version

OpenPDF is upgraded to version 1.3.28.

Upgrade Information

Review the SignServer Upgrade Notes for important information about this release. For upgrade instructions, see Upgrade SignServer.

SignServer 5.9.1 is included in SignServer Hardware Appliance 3.9.6 and SignServer Cloud 1.11.1.

Change Log: Resolved Issues

For full details of fixed bugs and implemented features in SignServer 5.9.1, refer to our Jira Issue Tracker.

Issues Resolved in 5.9.1

Released May 2022

New Features

DSS-2380 - Make key generation work with P11NG Tool with AWS CloudHSM

DSS-2381 - Support key entries without certificate with P11NG


DSS-2369 - AdESSignerUnitTest fails in the build job

DSS-2451 - Add files that should not be tracked to .gitignore

DSS-2456 - Fix failing webtests

DSS-2457 - Do not fail parsing of PDF documents with negative indirect references

DSS-2459 - Upgrade BC to 1.71

DSS-2462 - Support for include certificate levels in APKHashSigner

DSS-2465 - Support in APK signers for certificate in config instead of import it into the token not only for other signers

DSS-2466 - Upgrade to OpenPDF 1.3.28

Bug Fixes

DSS-2453 - Keywrapping is not working with PostgreSQL

DSS-2463 - Regression: P11NG tool not included in P11NG CLI dist

DSS-2467 - Fail to verify the MSIX file signed with SignServer