Apache Tomcat
This document provides information regarding the configuration of Apache Tomcat with our HSMs and how TLS handshake offloading works. For additional questions related to your HSM, see the relevant user guide.
From the Apache Tomcat website: The Apache Tomcat software is an open source implementation of the Java Servlet, Java Server Pages, Java Expression Language, and Java Web Socket technologies. Apache Tomcat software powers numerous large-scale, mission-critical web applications across a diverse range of industries and organizations.
The Java Provider (FXJCE) requires the use of the PKCS #11 (FXPKCS11) libraries. We provide users with several files to set up and configure the PKCS #11 libraries. The Java Provider supports Java 7, 8, and 9.
In this scenario, you use the Keytool feature embedded in Java to create the Tomcat Web Server Certificates, which are required for client application connections with the web server. Using Keytool, you can create the RSA key pair and the certificate for the Tomcat server. The private key for this certificate is stored in the HSM by using the Java Provider (FXJCE), which in turn uses the PKCS #11 library (FXPKCS11) to gain access to the HSM. The connection between the PKCS #11 library and the HSM should be a TLS connection. You must create TLS/SSL certificates (by using OpenSSL or an external CA) to provide certificates for the HSM and the server where the PKCS #11 library is running.