TLS offloading

Apache Tomcat


This document describes how to configure Apache Tomcat with our HSMs and how TLS handshake offloading works. For additional questions related to your HSM, see the relevant user guide.

About Apache Tomcat

From the Apache Tomcat website: The Apache Tomcat software is an open source implementation of the Java Servlet, JavaServer Pages, Java Expression Language, and Java WebSocket technologies. Apache Tomcat software powers numerous large-scale, mission-critical web applications across a diverse range of industries and organizations.

Apache Tomcat integration overview

In this integration, you use keytool, the key and certificate utility included with Java, to create the Tomcat web server certificates that client applications require to connect to the web server. With keytool, you create the RSA key pair and the certificate for the Tomcat server. The private key for this certificate is stored in the HSM through the PKCS #11 (FXPKCS11) library and the Java SunPKCS11 provider. The connection between the PKCS #11 library and the HSM should be a TLS connection, so you must create TLS/SSL certificates (by using OpenSSL or an external CA) for the HSM and for the server where the PKCS #11 library is running.
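One way to confirm that the Tomcat private key really lives in the HSM and cannot be read by the JVM is to open the token through SunPKCS11 and check each key entry. This is an added example, not code from the vendor or from Tomcat; the class name, the `HSM_PIN` environment variable and the config file passed as the argument (a SunPKCS11 configuration that points at your FXPKCS11 library) are assumptions.

```java
import java.security.*;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;

// Added example: audit the PKCS11 keystore that SunPKCS11 exposes (Java 11+).
// Run: HSM_PIN=<pin> java CheckHsmKeys.java <sunpkcs11.cfg>
// The class name, config path and HSM_PIN variable are assumptions of this example.
public class CheckHsmKeys {
    public static void main(String[] args) throws Exception {
        String pin = System.getenv("HSM_PIN");
        if (args.length != 1 || pin == null) {
            System.err.println("usage: HSM_PIN=<pin> java CheckHsmKeys.java <sunpkcs11.cfg>");
            System.exit(2);
        }
        Provider base = Security.getProvider("SunPKCS11");
        if (base == null) {
            throw new IllegalStateException("SunPKCS11 provider is not available in this JRE");
        }
        // configure() returns a provider bound to the PKCS #11 library named in the config file.
        Provider hsm = base.configure(args[0]);
        KeyStore ks = KeyStore.getInstance("PKCS11", hsm);
        ks.load(null, pin.toCharArray());   // logs in to the token; no keystore file is read

        int extractable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;
            Key key = ks.getKey(alias, null);   // the password argument is ignored for PKCS11
            if (!(key instanceof PrivateKey)) continue;
            // A sensitive or non-extractable token key is only a handle: it has no encoded form.
            boolean resident = key.getEncoded() == null;
            if (!resident) extractable++;
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            String bits = "n/a";
            if (cert != null && cert.getPublicKey() instanceof RSAPublicKey) {
                bits = ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength() + " bit";
            }
            System.out.printf("%-24s RSA=%s notAfter=%s -> %s%n", alias, bits,
                    cert == null ? "no certificate" : cert.getNotAfter(),
                    resident ? "OK: key material stays on the token"
                             : "WARNING: key is extractable by the JVM");
        }
        // A non-zero exit code lets a deployment pipeline fail when any private key is exportable.
        System.exit(extractable == 0 ? 0 : 1);
    }
}
```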

Guardian integration