Update server.xml file for SSL Configuration

  1. Open the server.xml file:

# vi /opt/tomcat/conf/server.xml
  2. Add the following entries to the connector section for SSL (the key alias must not contain surrounding spaces):

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    <SSLHostConfig>
        <Certificate certificateKeystoreFile=""
                     certificateKeystoreType="PKCS11"
                     certificateKeystoreProvider="SunPKCS11-CryptoServer"
                     certificateKeyAlias="tomcatsslkey"
                     certificateKeystorePassword="123456"
                     type="RSA" />
    </SSLHostConfig>
</Connector>

Here:

  • certificateKeystoreFile is left blank because the private key is held in the HSM, not in a file

  • certificateKeystoreType is PKCS11 because a PKCS#11 keystore is being used

  • certificateKeystoreProvider is SunPKCS11-CryptoServer, the provider name configured for the HSM

  • certificateKeyAlias is the alias of the key generated earlier with the keytool command

  • certificateKeystorePassword is the password (PIN) of the HSM keystore

  • type is the key algorithm to use (RSA or EC)
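Before restarting Tomcat, it is worth checking that the connector actually matches the layout described above; a stray space in the alias or a leftover keystore path makes Tomcat fail at startup or silently use a file-based store. The script below is an added example, not part of the Utimaco or Tomcat documentation: it parses server.xml with the Python standard library and reports every SSLEnabled connector whose Certificate attributes deviate from the PKCS11/HSM settings listed above. The embedded server.xml is a constructed sample that reproduces the connector from this guide, including the whitespace-in-alias mistake; the provider name is taken from the page.

```python
"""Sanity-check the HSM-backed SSL <Connector> in a Tomcat server.xml.

Added example (not from the Utimaco/Tomcat documentation). Parses
server.xml with xml.etree and checks the PKCS11-specific attributes
described in the guide above.
"""
import sys
import xml.etree.ElementTree as ET

EXPECTED_PROVIDER = "SunPKCS11-CryptoServer"  # provider name from the guide
ALLOWED_KEY_TYPES = ("RSA", "EC")              # key algorithms named in the guide

# Constructed sample: mirrors the connector from the guide, with one
# common mistake left in (whitespace inside certificateKeyAlias).
SAMPLE_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
      <SSLHostConfig>
        <Certificate certificateKeystoreFile=""
                     certificateKeystoreType="PKCS11"
                     certificateKeystoreProvider="SunPKCS11-CryptoServer"
                     certificateKeyAlias=" tomcatsslkey "
                     certificateKeystorePassword="123456"
                     type="RSA" />
      </SSLHostConfig>
    </Connector>
  </Service>
</Server>
"""


def check_hsm_connectors(xml_text: str) -> dict:
    """Return {port: [findings]} for every connector with SSLEnabled="true".

    An empty findings list means the connector matches the HSM layout:
    PKCS11 keystore, empty keystore file, expected provider, clean alias,
    RSA or EC key type.
    """
    root = ET.fromstring(xml_text)
    results = {}
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port", "?")
        findings = []
        certs = list(conn.iter("Certificate"))
        if not certs:
            findings.append("no <Certificate> element inside <SSLHostConfig>")
        for cert in certs:
            ks_type = cert.get("certificateKeystoreType", "")
            ks_file = cert.get("certificateKeystoreFile")
            provider = cert.get("certificateKeystoreProvider", "")
            alias = cert.get("certificateKeyAlias", "")
            key_type = cert.get("type", "RSA")
            if ks_type.upper() != "PKCS11":
                findings.append(
                    f"certificateKeystoreType is {ks_type!r}, expected PKCS11")
            # With a PKCS11 keystore the key lives in the HSM; a path here
            # means Tomcat would try to open a file-based store instead.
            if ks_file is None:
                findings.append(
                    'certificateKeystoreFile is missing; set it to "" for PKCS11')
            elif ks_file:
                findings.append(
                    f"certificateKeystoreFile should be empty for PKCS11, got {ks_file!r}")
            if provider != EXPECTED_PROVIDER:
                findings.append(
                    f"certificateKeystoreProvider is {provider!r}, expected {EXPECTED_PROVIDER!r}")
            # Tomcat looks the alias up verbatim, so surrounding whitespace
            # means "no such key" even though the name looks right.
            if not alias.strip() or alias != alias.strip():
                findings.append(
                    f"certificateKeyAlias {alias!r} is empty or has surrounding whitespace")
            if key_type not in ALLOWED_KEY_TYPES:
                findings.append(f"type {key_type!r} is not one of {ALLOWED_KEY_TYPES}")
        results[port] = findings
    return results


if __name__ == "__main__":
    # Usage: python check_connector.py [/opt/tomcat/conf/server.xml]
    # Without a path the constructed sample above is checked.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_SERVER_XML
    for port, findings in check_hsm_connectors(text).items():
        status = "OK" if not findings else "PROBLEMS"
        print(f"connector port {port}: {status}")
        for f in findings:
            print(f"  - {f}")
```

Run against the sample, the script reports the alias problem on port 8443 and nothing else; run against the real file (python check_connector.py /opt/tomcat/conf/server.xml) it should print OK for port 8443 before you proceed to the restart step.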

  3. Reload the systemd daemon using:

# systemctl daemon-reload

  4. Restart the Tomcat service using:

# systemctl restart tomcat

  5. Confirm that Tomcat is running using:

# systemctl status tomcat
  6. The output below shows that it is running:

(Screenshot: Tomcat service status output)

  7. Now access the page over HTTPS using https://172.23.0.40:8443.

(Screenshot: Tomcat service status output)

This completes the integration of Apache Tomcat with Utimaco HSM using SunPKCS11 security provider.