The CryptoServer is the hardware security module (HSM) of Utimaco IS GmbH. Developed as a specialized physical-only processing unit, it performs sensitive cryptographic functions and ensures safe management of cryptographic keys and data. In a CryptoServer safety system, safety-relevant action is taken and security-related information is stored. It can be used as a universal, independent security component for heterogeneous computing systems.
The current use of inadequate transport layer security enables easy interception of communications of a web application or web server to a web browser from untrusted third parties. If an unencrypted transport layer - such as HTTP - is used for the transport of business-critical information, it can be easily compromised or intercepted. In modern web applications, SSL/TLS connections are used to secure the HTTP communications. In this case, the communication is encrypted with the help of symmetric cryptographic keys, which had previously been negotiated by an asymmetric cryptographic key exchange process. Foundations of these methods are always the public key of the participating parties or a proof of identity in the form of certificates. In addition to the storage of public keys, cryptographic certificates include normally more information to help identify the owner or a trusted machine. Public internet web servers usually use certificates that are issued by a trusted certificate authority, to prove their trusted identity.
The Apache Web Server is a web server such as Microsoft IIS and provides the web pages of a web site to the clients. It has the ability to transport information using encryption, in the form of the HTTPS protocol.
This document describes the essential steps to establish an SSL connection with the Apache Web Server based on a CryptoServer as a certificate store. Usually, the Apache Web Server is installed with a file-based certificate and private key in context of SSL. Even if this private key is protected by a password, potential attackers can for example simply copy the file to a portable medium or over a network and this can lead to a well taken serious identity theft. A hardware security module (HSM) as the CryptoServer ensures that a logical and physical access to the private key is only possible to trusted individuals or applications. Copying the private key and sensitive information is not possible when using the CryptoServer for key storage.