Create NGINX ConfigMap

The NGINX ConfigMap defines the SSL/TLS configuration that lets NGINX serve HTTPS with keys managed by the Utimaco HSM. It contains the nginx.conf file, which configures NGINX to use the Utimaco PKCS#11 engine for SSL operations, loads the certificate from the mounted Kubernetes Secret, and references the private key by its PKCS#11 label so that signing is performed inside the HSM and the key material is never copied into the container.

  1. Create a file named nginx-cm.yaml in the path /home/admin/hsm-build/.

  2. Paste the contents provided below and save the file.

    YAML
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: nginx-config
    data:
      nginx.conf: |
        user root;
        worker_processes  1;
        ssl_engine pkcs11;
        error_log /var/log/nginx/error.log warn;
        pid       /var/run/nginx.pid;
        events {
            worker_connections  1024;
        }
        http {
            server {
                listen               443 ssl;
                server_name          localhost;
                ssl_certificate      /etc/ssl/certs/tls.crt;
                ssl_certificate_key  "engine:pkcs11:pkcs11:object=RSAKey;type=private";
                location / {
                    root   /usr/share/nginx/html;
                    index  index.html index.htm;
                }
            }
        }
    

Before applying the ConfigMap, ensure that the file paths and configuration values match your environment:

  • ssl_certificate → Must point to the correct mounted path of your SSL certificate (from the Kubernetes Secret, usually /etc/ssl/certs/tls.crt).

  • ssl_certificate_key → Must use the same PKCS#11 object label (for example, RSAKey) that was generated and stored in the HSM during key generation.

  • Confirm that the paths and engine configuration are aligned with your Deployment YAML (for example, the PKCS#11 library path and certificate mount path).
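To make those checks mechanical before applying the ConfigMap, the following preflight script is an added example (not part of the original page or of any Utimaco tooling): it extracts the ssl_engine, ssl_certificate and ssl_certificate_key directives from the nginx.conf text, splits NGINX's engine:<name>:<key id> form into the engine name and PKCS#11 URI, and compares them against the certificate mount path and HSM key label you expect. The expected path and label are assumed inputs you take from your Secret and your key-generation step.

```python
import re

# nginx.conf body copied from the ConfigMap above; constructed input for this example only.
NGINX_CONF = """
ssl_engine pkcs11;
http {
    server {
        listen               443 ssl;
        ssl_certificate      /etc/ssl/certs/tls.crt;
        ssl_certificate_key  "engine:pkcs11:pkcs11:object=RSAKey;type=private";
    }
}
"""

# Matches the three directives of interest, quoted or bare, up to the terminating ';'.
DIRECTIVE_RE = re.compile(
    r'^\s*(ssl_engine|ssl_certificate|ssl_certificate_key)\s+("?)(.*?)\2\s*;', re.M)


def parse_engine_key(value):
    """Split NGINX's 'engine:<name>:<key id>' form; the key id here is a PKCS#11 URI.
    Minimal parser: assumes plain labels such as RSAKey (no RFC 7512 percent-encoding)."""
    parts = value.split(":", 2)
    if len(parts) != 3 or parts[0] != "engine" or not parts[2].startswith("pkcs11:"):
        return None
    attrs = dict(kv.split("=", 1) for kv in parts[2][len("pkcs11:"):].split(";") if "=" in kv)
    return parts[1], attrs


def preflight(conf, expected_cert_path, expected_key_label):
    """Return the mismatches between nginx.conf and what the Secret mount and HSM provide."""
    found = {m.group(1): m.group(3) for m in DIRECTIVE_RE.finditer(conf)}
    problems = []
    if found.get("ssl_engine") != "pkcs11":
        problems.append("ssl_engine pkcs11 is missing, so no HSM-backed key can be loaded")
    if found.get("ssl_certificate") != expected_cert_path:
        problems.append(f"ssl_certificate {found.get('ssl_certificate')!r} != mount {expected_cert_path!r}")
    parsed = parse_engine_key(found.get("ssl_certificate_key", ""))
    if parsed is None:
        problems.append("ssl_certificate_key is not an engine:pkcs11:<PKCS#11 URI> reference")
    else:
        engine, attrs = parsed
        if engine != "pkcs11":
            problems.append(f"ssl_certificate_key names engine {engine!r}, not the pkcs11 engine")
        if attrs.get("object") != expected_key_label:
            problems.append(f"key label {attrs.get('object')!r} != HSM label {expected_key_label!r}")
        if attrs.get("type") != "private":
            problems.append("key reference must select type=private")
    return problems


if __name__ == "__main__":
    for issue in preflight(NGINX_CONF, "/etc/ssl/certs/tls.crt", "RSAKey"):
        print("FAIL:", issue)
```

An empty result means the three directives agree with the values you pass in; any printed FAIL line names the directive to correct before applying the ConfigMap.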

  3. Apply the ConfigMap.

Apply NGINX ConfigMap