Products
FinalBuilder
Features
Pricing
Downloads
Screenshots
Demos
Continua CI
Features
Pricing
Downloads
Help & Resources
Automise
Features
Pricing
Downloads
Screenshots
Signotaur
Pricing
Downloads
Downloads
Products
FinalBuilder
Continua CI
Automise
Signotaur
Other
Open Source
FinalBuilder Server (retired)
Store
Forums
Blogs
Support
Support
Forums
Contact Us
Resources
Blogs
About Us
Company
About Us
Contact Us
Partners
Customers
Partners
Resellers
Like
Read
Register
|
Login
Products
Products Home
FinalBuilder
FinalBuilder Home
Features
Pricing
Downloads
Screenshots
Demos
Continua CI
Continua CI Home
Features
Pricing
Downloads
Downloads
Automise
Automise Home
Features
Pricing
Downloads
Screenshots
Signotaur
Signotaur Home
Features
Pricing
Downloads
Store
Downloads
Downloads Home
Download FinalBuilder
Download Continua CI
Download Automise
Open Source
Support
Support
Forums
Blogs
About Us
About Us
Contact Us
Customers
Partners
Resellers
Register
|
Login
Signotaur 2.0 Version History
v2.0.0.190
June 24th, 2026
Download Signotaur Server (64 bit Windows)
Changes
New Enterprise Features
Enterprise licences are now available for Signotaur. Purchasing an Enterprise licence grants access to new features related to internally and externally managed certificates. Note that every server gets a one-time 90-day grace to set it up and evaluate it without an Enterprise licence: you get a single managed web (TLS) certificate, valid for up to 90 days, after which the server reverts to self-signed. Add an Enterprise licence to keep that web certificate auto-renewing and to issue and sign with managed code-signing certificates.
Internal Certificate Authority:
Signotaur can now run its own built-in CA hierarchy (root + intermediate) to issue and manage code-signing and web (TLS) certificates directly. This includes on-demand issuance, automatic renewal and expiry notifications. A managed certificates list tracks current and superseded certificates.
External ADCS issuance.
Managed certificates can also be issued from a Microsoft Active Directory Certificate Services server, over either the DCOM or Certificate Services (CertSrv) web transport, using enterprise certificate templates.
New Features
Web (TLS) certificate management.
A dedicated admin area for the certificate presented by the server web interface, allowing selection of the source (self-signed, an existing PFX file, the Windows certificate store, or the managed CA), view the live certificate, its chain and expiry, and download the chain anchor (PEM or DER) with instructions for distributing it to client trust stores.
Note
that using the managed CA as the web-certificate source requires an Enterprise licence, but a one-time certificate can be issued with a capped 90-day validity.
Encrypted, portable backups.
A new
archive
command (
create
,
restore
,
verify
,
extract
) produces passphrase-protected
.sigbak
backup bundles containing the configuration, database, and CA/managed certificates. Restoring a bundle on another machine re-seals secrets under that machine's key, providing a supported migration path. Scheduled backups now emit a full
.sigbak
archive when a backup passphrase is configured.
At-rest secret protection (DPAPI).
On Windows, the master encryption key is sealed with a machine-bound DPAPI key, so an off-box copy of the configuration, CA private keys, and other at-rest secrets (VM snapshot, copied disk) cannot be decrypted without a proper restore. OAuth client secrets are now also encrypted at rest.
Per-API-key rate limiting.
Optional fixed-window rate limiting can be enabled for gRPC signing endpoints, with configurable request counts and window durations per API key (off by default).
Improvements
Most server settings now take effect immediately, without a service restart — including email, event retention, password policy, session/login expiry, update-check preferences, the PKCS#11 PIN-failure limit, and enabling/disabling rate limiting. Settings that still require a restart (hostname and port, OAuth providers, log-file changes, and changes to an active rate limiter) now clearly indicate so with a restart-pending banner.
Configurable login session lifetimes. A login where "Remember me" is left unticked can now be given a shorter idle timeout, separate from the longer remembered-login lifetime, so unattended sessions expire sooner. Administrators can also choose whether sign-ins via external providers (Google, GitHub) stay signed in or last only for the browser session. Both are set under Settings → Options.
Concurrent-edit protection across all configuration screens: saving uses optimistic-concurrency tokens, and a conflict dialog shows when another administrator changed the same settings (and who/when) rather than silently overwriting them.
Editing settings now warns about unsaved changes before you navigate away, and a pre-save summary lists exactly what will change and when each change takes effect.
The installer offers five certificate-configuration modes (existing PFX, Windows certificate store, self-signed, built-in CA, and external AD CS) with dedicated sub-pages, and validates your selections — PFX/store certificates, self-signed generation, AD CS connectivity, and subject names — before letting you continue. The installer also honours the configured backup directory and takes a pre-upgrade backup.
The admin web app gained consistent save dialogs, buttons, dirty-change detection, and certificate-table layouts throughout.
Bug Fixes
Reworked several account and configuration forms to react correctly to edits — fixing cases where a submit button could remain disabled.
Infrastructure
Updated .NET SDK to v10.0.301.
Various third-party package updates.
Previous versions
View Signotaur CI Version 1.0 History.