Certchip Signer Server
Certchip Signer Server is a centralized code and document signing server that provides secure key management and signing services.
Overview
The Signer Server enables organizations to:
- Centralize Code Signing - Manage all signing certificates and keys in one secure location
- Secure Key Storage - Store private keys in HSM (Hardware Security Module) or encrypted database
- Access Control - Role-based access control for signing operations
- Audit Logging - Complete audit trail of all signing activities
- Certificate Management - Issue, renew, and revoke certificates
- Let's Encrypt Integration - Automated SSL certificate management
Architecture
┌─────────────────────────────────────────────────────────────┐
│                        Signer Server                        │
├─────────────────────────────────────────────────────────────┤
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────────────┐  │
│  │  REST API   │  │  WebSocket  │  │    Admin Console    │  │
│  └──────┬──────┘  └──────┬──────┘  └──────────┬──────────┘  │
│         │                │                    │             │
│  ┌──────┴────────────────┴────────────────────┴──────────┐  │
│  │                    Signing Engine                     │  │
│  └────────────────────────┬──────────────────────────────┘  │
│                           │                                 │
│  ┌────────────────────────┴──────────────────────────────┐  │
│  │            Key Storage (HSM / SW HSM / DB)            │  │
│  └───────────────────────────────────────────────────────┘  │
└─────────────────────────────────────────────────────────────┘
Key Features
Signing Services
| Feature | Description |
|---|---|
| Code Signing | Sign Windows executables, DLLs, MSI packages |
| Document Signing | Sign PDF documents with visual signatures |
| Hash-based Signing | Sign file hashes without uploading entire files |
| Timestamping | RFC 3161 compliant timestamping |
Security
| Feature | Description |
|---|---|
| HSM Support | PKCS#11 compatible hardware security modules |
| Software HSM | Encrypted key storage for development/testing |
| SSH Key Auth | Ed25519, ECDSA, RSA key authentication |
| API Keys | Token-based authentication for automation |
| RBAC | Role-based access control |
Certificate Management
| Feature | Description |
|---|---|
| Certificate Lifecycle | Issue, renew, revoke certificates |
| Let's Encrypt | Automated SSL certificate issuance |
| CSR Generation | Create certificate signing requests |
| Chain Management | Manage certificate chains |
System Requirements
- OS: Linux (Ubuntu 20.04+, CentOS 8+), Windows Server 2019+
- CPU: 4+ cores recommended
- RAM: 8GB minimum, 16GB recommended
- Storage: SSD recommended for key storage
- Network: HTTPS (port 7443 default)
Getting Started
- Installation - Download and install the Signer Server package
- Configuration - Configure server settings and key storage
- Certificate Setup - Import or generate signing certificates
- User Management - Create users and assign roles
- Client Connection - Connect using signercli or signer client
Related Documentation
- Signer Client (signercli) - Cross-platform CLI tool