Configuring Apache Tomcat to use Utimaco HSM for SSL | Utimaco Integration Guides

Create a file /opt/tomcat/bin/setenv.sh and add the environment variables listed below.

›_ Console

# vim /opt/tomcat/bin/setenv.sh

Setting up environment

Open the server.xml file

›_ Console

# vim /opt/tomcat/conf/server.xml

Add the following entries for SSL to the connector section.

›_ Console

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateKeystoreFile=""
certificateKeystorePassword="123456"
certificateKeystoreProvider="CryptoServer"
certificateKeystoreType="CryptoServer"
certificateKeyAlias="tomsslec"
</SSLHostConfig>

</Connector>

Here:

certificateKeystoreFile is blank as HSM is being used
certificateKeystoreType is CryptoServer
certificateKeystoreProvider is CryptoServer
certificateKeyAlias is the name of the key generated using the keytool command
certificateKeystorePassword is the PIN of the HSM key store

Reload the daemon using:

›_ Console

# systemctl daemon-reload

Restart Tomcat Service using:

›_ Console

# systemctl restart tomcat

Confirm that the Tomcat status is running using:

›_ Console

# systemctl status tomcat

The output below shows that it is running.

Tomcat service status output

Now access the page over https using https://<apache_tomcat_server_ip>:443

Browsing the page over https

This completes the integration of Apache Tomcat and Utimaco HSM.