The conversation around post-quantum cryptography (PQC) is no longer theoretical. At Keyfactor, we’ve watched the industry shift from speculation to preparation, and with the release of EJBCA 9.3 and SignServer 7.3, we’re deepening our commitment to being the trusted leader in transitioning enterprises from preparation to implementation.
This release delivers on that thesis across three fronts: Post-quantum readiness, modern HSM integration, and expanded trust capabilities in the cloud. Let’s dig in and see why it’s a big deal.
Going with Gold on PQC Standards
Issue SLH-DSA certificates using the latest version of our PKI platform, EJBCA 9.3, which now supports ML-DSA, ML-KEM, and SLH-DSA NIST PQC algorithms
In a world where RSA and ECC face existential threats from maturing quantum capabilities, EJBCA 9.3introduces new support for SLH-DSA—a NIST-finalized algorithm built to survive the quantum leap. SLH-DSA prioritizes durability and compliance and aligns with FIPS 205 for more stringent security standards. In EJBCA 9.3 ML-DSA also adds HSM integration, enabling PQC for a broader set of modern use cases that match what our customers need.
SignServer 7.3 complements this by enabling ML-DSA signing operations through Fortanix DSM HSMs — meaning quantum-safe signing is moving to a greater variety of PKI tools. In short, these releases give you options to enact PQC in production and choose the right algorithms and tools for your business, and build upon our existing PQC support delivered in EJBCA 9.1 and SignServer 7.1.
Modern HSM Integrations
Our new cloud HSM support options from AWS and Thales make it easy to integrate into your existing ecosystem
It’s good to be flexible — our latest release extends our 100+ integrations even further. EJBCA and SignServer now natively support AWS Cloud HSM, and SignServer adds integration with Thales Data Protection on Demand (DPOD).
Bigger PKI Muscle in Azure
Cloud workloads, ephemeral services, and even software binaries demand identity and integrity, and materializing these ideas for customers is one of our top priorities.
EJBCA 9.3 integrates directly with Azure Workload Identities, delivering fast and reliable certificate issuance and eliminating secret sprawl in dynamic environments like Azure Kubernetes Service (AKS) – ideal for customers using Azure SQL.
Streamlined Signing with an Updated REST API
Our new REST API functionality makes uploading and signing files easy and fast
Meanwhile, SignServer 7.3 introduces a REST API for external file signing, extending cryptographic trust beyond infrastructure to digital artifacts. Think CI/CD pipelines, configuration bundles, and compliance docs — signed, sealed, delivered from your PKI core.
Get in Gear for PQC with Keyfactor
That’s all folks! Keyfactor’s latest updates reflect a product philosophy aligned with an operational reality: cryptography must evolve continuously, without breaking what already works.
If you’re on the journey toward PQC-readiness, cloud-native trust, or cryptographic modernization — we invite you to dig deeper. Read the full EJBCA 9.3 Release Notes and SignServer 7.3 Release Notes, or check out Keyfactor’s PQC Lab to test out PQC certificate issuance and signing yourself complimentary of Keyfactor in a safe environment.
