THIS IS A WORK IN PROGRESS!

Smart ID Identity Manager offers support for HSM (Hardware Security Model) for several use cases:

...

This is a more secure solution for signing and encryption than PKCS#12 files, which are files in the file system, only protected by a PIN code.

...

.

The set of JAR files in Certificate Manager (CM) 8.4 and later has changed. This applies to Identity Manager in Smart ID 21.10 and later - see this note for the updates, see also section "Configure Tomcat" below.

...

1. To avoid this, you have these options:

   1. Deploy each Identity Manager webapp on its own dedicated Tomcat instance (Docker deployments always work like this).

      OR

   2. Remove all CMSDK JARs and all BouncyCastle JARs from all webapps' tomcat\<webapp>\WEB-INF\lib folders and place them in tomcat\libs instead (this ensures those JARs are served from the Tomcat common classloader for all webapps).

      1. CMSDK JARs:

         • cmcommon*.jar

         • cmsdk-*.jar

         • common-*.jar

      2. BouncyCastle JARs:

         • bcmail-*.jar

         • bcpgp-*.jar

         • bcpkix-*.jar

         • bcprov-*.jar (including bcprov-ext-*.jar)

Additional information