Bulverde, TX — Futurex announced integration of Futurex HSMs with Apache Tomcat. Futurex HSMs work together with Apache Tomcat to protect and manage server encryption keys. According to the Apache Tomcat website, “the Apache Tomcat software is an open source implementation of the Java Servlet, Java Server Pages, Java Expression Language, and Java Web Socket technologies. Apache Tomcat software powers numerous large-scale, mission-critical web applications across a diverse range of industries and organizations.” Apache Tomcat is used to serve functional libraries in Java.
Hardware security modules are used for private encryption key storage because they eliminate the need to store keys on a web server. By storing keys elsewhere, the web server is protected from divulging sensitive data in the event of a cyberattack. The web server can also work more efficiently and quickly without the added consideration of encryption key storage.
When combined with a Futurex HSM, Apache Tomcat simplifies private key storage on the HSM and allows for decrypting and processing TLS handshakes on the server. The Futurex HSM provides a FIPS 140-2 Level 3 validated platform to store encryption keys, while Apache Tomcat requests those keys as needed. Apache Tomcat handles the cryptographic processes for the server, but the encryption keys themselves are never stored in the clear. Instead, they are secured within the tamper-evident and tamper-responsive boundaries of the HSM.
Apache Tomcat supports PKCS #11 libraries, therefore eliminating the need for application development. The supplemental Futurex Apache Tomcat Integration Guide offers a step-by-step description of the process for quick configuration.
Those interested in configuring Apache Tomcat with a Futurex HSM may request to download the Futurex Apache Tomcat Integration Guide from the Futurex website.