TLS offloading

Apache Tomcat


This document provides information regarding the configuration of Apache Tomcat with our HSMs and how TLS handshake offloading works. For additional questions related to your HSM, see the relevant user guide.

About Apache Tomcat

From the Apache Tomcat website: The Apache Tomcat software is an open source implementation of the Java Servlet, Java Server Pages, Java Expression Language, and Java Web Socket technologies. Apache Tomcat software powers numerous large-scale, mission-critical web applications across a diverse range of industries and organizations.

Apache Tomcat integration overview

The Java Provider (FXJCE) requires the use of the PKCS #11 (FXPKCS11) libraries. We provide users with several files to set up and configure the PKCS #11 libraries. The Java Provider supports Java 7, 8, and 9.

In this scenario, you use the Keytool feature embedded in Java to create the Tomcat web server certificates, which client applications require to connect to the web server. Using Keytool, you can create the RSA key pair and the certificate for the Tomcat server. The private key for this certificate is stored in the HSM by using the Java Provider (FXJCE), which in turn uses the PKCS #11 library (FXPKCS11) to gain access to the HSM. The connection between the PKCS #11 library and the HSM should be a TLS connection. You must create TLS/SSL certificates (by using OpenSSL or an external CA) to provide certificates for the HSM and the server where the PKCS #11 library is running.
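The TLS link between the PKCS #11 library and the HSM needs a certificate on each side. The following script is an added example, not the vendor's procedure: it builds a private CA with OpenSSL and issues a server-authentication certificate for the HSM and a client-authentication certificate for the PKCS #11 host. All host and file names are constructed, and it assumes both keys are generated in software; where the HSM produces its own CSR, sign that CSR with the CA instead.

```bash
#!/usr/bin/env bash
# Added example. Every hostname, file name and lifetime below is constructed.
set -eu

# Sign a fresh key for one endpoint; the EKU pins it to one side of the TLS link.
issue_cert() {   # issue_cert NAME CN EKU
    local name=$1 cn=$2 eku=$3
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config ca.cnf \
        -subj "/CN=$cn" -keyout "$name.key" -out "$name.csr"
    printf '%s\n' 'basicConstraints=critical,CA:FALSE' \
        'keyUsage=critical,digitalSignature,keyEncipherment' \
        "extendedKeyUsage=$eku" "subjectAltName=DNS:$cn" > "$name.ext"
    openssl x509 -req -in "$name.csr" -CA ca.crt -CAkey ca.key \
        -CAcreateserial -days 365 -sha256 -extfile "$name.ext" -out "$name.crt"
}

# Build a private CA plus one certificate per endpoint inside DIR.
build_pki() {    # build_pki DIR
    mkdir -p "$1"
    (
        cd "$1"
        umask 077                      # private keys readable by owner only
        cat > ca.cnf <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = Lab HSM Link CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
        openssl req -x509 -newkey rsa:3072 -nodes -sha256 -days 1825 \
            -config ca.cnf -keyout ca.key -out ca.crt
        issue_cert hsm hsm.example.internal serverAuth
        issue_cert pkcs11-host tomcat.example.internal clientAuth
    )
}

# Succeeds only if NAME chains to the CA and is valid for PURPOSE.
check_cert() {   # check_cert DIR NAME sslserver|sslclient
    openssl verify -CAfile "$1/ca.crt" -purpose "$3" "$1/$2.crt" >/dev/null 2>&1
}

if [ $# -gt 0 ]; then build_pki "$1"; fi
```

Running `check_cert` with the opposite purpose (for example the HSM certificate as `sslclient`) fails, which confirms that a certificate taken from one endpoint cannot be replayed as the other.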

Guardian integration