Update OpenJDK 11 to use Utimaco HSM

  1. Copy the CryptoServerJCE.jar file to the /opt/tomcat/bin directory.

›_ Console

# cp /opt/utimcao/lib/CryptoServerJCE.jar /opt/tomcat/bin/

  1. Go to the <JDK_Installation_directory>/conf/security directory.

›_ Console

# cd /usr/lib/jvm/java-11-openjdk-11.0.2.7-2.el8.x86_64/conf/security/

  1. Edit the java.security configuration file to add the CryptoServerJCE provider.

›_ Console

security.provider.1=SUN
security.provider.2=SunRsaSign
security.provider.3=SunEC
security.provider.4=SunJSSE
security.provider.5=SunJCE
security.provider.6=SunJGSS
security.provider.7=SunSASL
security.provider.8=XMLDSig
security.provider.9=SunPCSC
security.provider.10=JdkLDAP
security.provider.11=JdkSASL
security.provider.12=SunPKCS11
security.provider.13=CryptoServerJCE.CryptoServerProvider

Specify the correct provider number for the CryptoServerJCE Provider. Apache Tomcat requires the CryptoServer.cfg configuration file to be present in the home directory of the user.
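
One way to check the edited java.security file and the CryptoServer.cfg location after the steps above. This is an added example, not part of the original procedure or vendor tooling; the function names check_providers and check_cfg are hypothetical and the sample file is constructed.

```sh
#!/bin/sh
# Added example, not vendor code: validates the provider list edited above.
# The JDK reads security.provider.N starting at 1 and stops at the first
# missing number, so a gap silently drops every provider listed after it.

# check_providers FILE CLASS
# Prints the number CLASS is registered under; returns non-zero on a gap,
# a duplicate number, or when CLASS is not listed at all.
check_providers() {
    awk -v want="$2" '
        /^[ \t]*security\.provider\.[0-9]+[ \t]*=/ {
            line = $0
            sub(/^[ \t]*security\.provider\./, "", line)
            n = line; sub(/[ \t]*=.*$/, "", n); n = n + 0
            v = line; sub(/^[0-9]+[ \t]*=[ \t]*/, "", v); sub(/[ \t\r]+$/, "", v)
            if (n in seen) { print "duplicate number " n > "/dev/stderr"; bad = 1 }
            seen[n] = v
            if (n > max) max = n
            if (v == want) found = n
        }
        END {
            for (i = 1; i <= max; i++)
                if (!(i in seen)) { print "gap: security.provider." i " is missing" > "/dev/stderr"; bad = 1 }
            if (found) print found
            else { print want " is not registered" > "/dev/stderr"; bad = 1 }
            exit bad + 0
        }' "$1"
}

# check_cfg DIR: succeeds if CryptoServer.cfg is readable in DIR
# (DIR is the home directory of the user, as the page requires).
check_cfg() { [ -r "$1/CryptoServer.cfg" ]; }

# Constructed sample: number 3 is unused, so the entry at 4 would be ignored.
sample=$(mktemp)
printf '%s\n' 'security.provider.1=SUN' 'security.provider.2=SunRsaSign' \
    'security.provider.4=CryptoServerJCE.CryptoServerProvider' > "$sample"
check_providers "$sample" CryptoServerJCE.CryptoServerProvider || echo "fix the numbering first"
rm -f "$sample"
```

Run check_providers against the real java.security file and check_cfg against the home directory before restarting Tomcat.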