Introducing the 2024 PKI & Digital Trust Report     | Download the Report

Get Ready for Post Quantum with New EJBCA and SignServer Capabilities

Mises à jour techniques

Sunshine, sandals, and…quantum cryptography? Yep, that’s right! While you might be soaking up the summer vibes, our team’s been busy getting you prepped for a major shift in encryption expected in July 2024. That month NIST will release new standardized versions of the current PQC candidate algorithms. That means the encryption game is about to change, and we want to make sure you’re ready.

We’ve been working hard to get our customers future-proofed, and provide everyone a chance to test-drive quantum-ready certificates in a safe sandbox environment.

Keyfactor’s PQC Lab on Microsoft Azure s a quick, easy way for IT and security teams to get started with PQC testing.

But that isn’t all we’ve been up to. Our recent milestone release, including EJBCA Enterprise 8.3 and SignServer Enterprise 6.3, makes significant advancements with new container deployment options, extensive documentation updates, and other enhancements to PKI and digital signing. Here’s a TL;DR:

  • Flexible Container Deployments : We now offer deployment of EJBCA and SignServer container sets on Kubernetes clusters, deployed through seamless automation.
  • One-Stop for All Keyfactor Documentation: Accessing all of the critical documentation you need is even easier whether it’s for certificate management, PKI, or signing — now all available on
  • It’s Even Easier to Ditch Microsoft ADCS: Centralizing configuration and adding new enrollment support makes it even easier to ditch Microsoft ADCS.
  • Get Quantum-Ready Now: Testing support for new hybrid certificates to enable post quantum cryptography is here, offering the best of both worlds by preparing you for the future while still being backwards compatible with one certificate.
  • Improved Signing Transparency and Capabilities: A new CycloneDX Software Bill of Materials (SBOM), Microsoft SQL database support, and REST API extensions available in SignServer Enterprise 6.3.


Let’s dive into some of the details.

Doubling Down on Container Deployments for EJBCA and SignServer

Container deployments using automation are now available for EJBCA and SignServer Enterprise

Need your PKI deployment to be as flexible as your summer plans? Keyfactor already offers flexible deployment options to match the unique requirements of enterprise environments, whether it’s on-prem or in the cloud, turnkey or fully managed.

We’re excited to announce that both EJBCA 8.3 and SignServer 6.3 now support container-based deployments as well. Think lightweight and automated deployment using Helm charts on your existing Kubernetes setup. It’s the best of both worlds, with lightweight deployment and a modern architecture.

Documentation Improvements and Migration to

Documentation for EJBCA and SignServer has been revamped to be clearer, more comprehensive, and cover all the exciting new features in these latest releases.

We’ve also consolidated everything into a brand-new home at All documentation for Keyfactor solutions is in one place, right there at your fingertips. We understand transitioning can take time, so don’t worry! If you’re still comfortable with the old documentation on, it will remain available as we transition.

It's Even Easier to Ditch Microsoft ADCS

A nostalgic look back at technologies from Microsoft ADCS to the infamous Windows Phone

Remember the Motorola RAZR? That was launched fours years after Microsoft ADCS became available in 2000. As PKI has gotten more complex, Microsoft ADCS simply can’t keep up with new use cases and needs for PKI and certificate management.

The good news is, there’s a modern alternative. EJBCA, the world’s leading open-source CA, is constantly innovating. It offers a smooth transition for teams looking to move beyond ADCS, especially with recent advancements like:

  • Centralized configuration that enables operational enhancements for multi-domain and multi-RA setups
  • Certificate enrollment using the elliptic curves algorithm


Want to see some real-world examples? Read case studies showing how Keyfactor has helped hundred of enterprises ditch Microsoft ADCS and move to a scalable, quantum-ready PKI platform. Speaking of quantum-ready…

Hybrid Certificates to Enable PQC Testing

Looking to get a head start on the move to quantum-safe encryption? Keyfactor’s new hybrid certificates in EJBCA Enterprise offer one new certificate that combines a quantum-safe algorithm with a classic algorithm through a non-critical extension to keep them compatible. While they’re not quite ready for prime time, they can be tested in a safe lab environment as we await NIST’s finalized guidance on PQC encryption standards.

Hybrid certificates are a great way to test PQC for the upcoming migration to these new algorithms. Hybrid certificates offer the best of both worlds, offering quantum-ready capabilities and backwards compatibility with your current setup.

SignServer Enterprise 6.3 Enhancements

Document and code signing demand has soared as regulations require enhanced privacy for sensitive data and development environments that have become more intricate than ever.

For improved security, transparency, and alignment with supply chain initiatives we’re now offering a CycloneDX Software Bill of Materials (SBOM) included in documentation for SignServer 6.3 and future versions.

In addition, with this release we’ve now added support for:

  • Leverage Microsoft SQL Server with new support for Microsoft;s SQL database
  • Take even more granular control over signing processes with REST API extensions


This is just a glimpse of the many updates we’ve made in EJBCA 8.3 and SignServer 6.3, so we encourage customers t read the full release notes for EJBCA 8.3  and SignServer 6.3 for all the details.

Don't sit on the PQC Sidelines - Dive In!

Want to learn more about Post Quantum Crytography? Take a complementary test drive of PQC certificates with our complementary PQC Labs on Microsoft Azure.