Skip to main content
Before you install phoss SMP, verify that your environment meets the requirements below. Skipping this step is the most common source of startup failures.

Java runtime

phoss SMP requires Java 17 or later (required since v8.0). The Docker images ship with JDK 21 via the official tomcat:10.1-jdk21 base image.
Java 11 and earlier are no longer supported. If you are upgrading from an older installation, upgrade your JRE/JDK first.

Build tooling (source builds only)

If you intend to build from source rather than use a pre-built WAR or Docker image, you need:
ToolMinimum version
Apache Maven3.6+
Gitany recent version
See Building from source for full instructions.

Servlet container

phoss SMP is a Jakarta EE 10 web application. Supported containers:

Apache Tomcat

Version 10.1.x or later. Tomcat 9 and earlier use the javax.servlet namespace and are not compatible.

Eclipse Jetty

Version 12.x (Jakarta EE 10 variant). Used for local development via the RunInJetty* launcher classes.
Tomcat 10.1 requires a special connector setting to handle encoded slashes in participant identifiers. See the WAR deployment guide for details.

Docker (Docker deployments only)

If you are deploying with Docker, install Docker Engine 20.10+ or Docker Desktop. The official images are hosted on Docker Hub and require no additional build steps. See Docker deployment for full instructions.

PKI and keystore

phoss SMP signs SML interactions and (optionally) Directory communications using a Peppol-issued certificate. You must obtain this certificate from your Peppol authority before you can register with the SML. Supported keystore formats:
FormatProperty valueNotes
PKCS12pkcs12Recommended. File extension .p12 or .pfx.
JKSjksJava KeyStore, legacy format.
BCFKSbcfksBouncy Castle FIPS KeyStore.
The keystore must contain exactly one certificate. The keystore password and the key password must match. 
smp.keystore.type         = pkcs12
smp.keystore.path         = /config/smp.p12
smp.keystore.password     = changeit
smp.keystore.key.alias    = smp.pilot
smp.keystore.key.password = changeit
For test/pilot environments, Peppol issues certificates under the Peppol pilot PKI. For production, you need a production certificate. The built-in truststores for both environments are bundled with the application.

Network requirements

For full Peppol SML registration, the server must be able to reach the SML outbound:
EndpointDescription
edelivery.tech.ec.europa.eu (port 443)Peppol pilot SML
edelivery.tech.ec.europa.eu (port 443)Peppol production SML
The server also needs inbound access on port 80 or 443 so that Access Points can look up your SMP records.

Supported databases (SQL backend only)

If you are using the SQL backend (smp.backend = sql), one of the following databases must be available:
Databasetarget-database valueNotes
MySQLMySQLTested with MySQL 8.x
PostgreSQLPostgreSQLTested with PostgreSQL 14+
OracleOracle
IBM DB2DB2
Schema migrations are handled automatically by Flyway on startup.

Minimum hardware

The Docker README recommends at least 4 GB of RAM for production containers. The JVM memory settings in the official images are: 
-XX:InitialRAMPercentage=10
-XX:MinRAMPercentage=50
-XX:MaxRAMPercentage=80
For a small Peppol SMP serving a handful of participants, 1–2 vCPU and 2 GB of RAM is sufficient. Scale up for higher participant counts or heavier SML registration workloads.
For production deployments, use a dedicated data directory on a persistent volume and ensure the process user has write access to it (webapp.datapath property).

Build docs developers (and LLMs) love

Get started for freeTalk to us