Breadcrumbs

Update the server.xml File for the SSL Configuration

  1. Open the server.xml file.

›_ Console 

# vi /opt/tomcat/conf/server.xml

  1. Add the following entries to the connector section for SSL.

›_ Console 

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"                
            maxThreads="150" SSLEnabled="true"> 
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> 
        <SSLHostConfig> 
            <Certificate certificateKeystoreFile=""                          
                  certificateKeystoreType="PKCS11" 
                  certificateKeystoreProvider="SunPKCS11-CryptoServer"  
                  certificateKeyAlias=" tomcatsslkey "  
                  certificateKeystorePassword="123456"                          
                  type="RSA" /> 
        </SSLHostConfig> 
    </Connector>

Here:

  • certificateKeystoreFile is blank as the HSM is being used

  • certificateKeystoreType is pkcs11 as the keystore is being used

  • certificateKeystoreProvider is SunPKCS11-CryptoServer

  • certificateKeyAlias is the name of the key generated using the keytool command

  • certificateKeystorePassword is the password of the HSM keystore

  • type is the key algorithm to use (RSA/EC)

  1. Reload the daemon using:

›_ Console 

# systemctl daemon-reload

  1. Restart the Tomcat service using:

›_ Console 

# systemctl restart tomcat

5. Confirm that the Tomcat status is running using:

›_ Console 

# systemctl status tomcat

  1. The below output shows it is running:

apache status last step-20260416-225228.jpg


Tomcat Service Status Output

  1. Now access the page over https using https://<ip>:8443.

Tomcat service status output - Last Output-20260416-230241.jpg


Tomcat Service Status Output - Browser

This completes the integration of Apache Tomcat with the Utimaco HSM using the SunPKCS11 security provider.