Install and configure CertAgent
The Internet Explorer and Firefox browsers support the web-based interface used by CertAgent. Perform the following steps to install and configure CertAgent:The setup wizard prompts for the listening port for the HyperSQL database to be created. If
9001 is already in use, you can also use 9002 or 9003.Provide the following information:
| PKCS11 library path | Select [ Browse ] and select the path for the fxpkcs11.dll file. The default FXPKCS11 installation location is C:/Program Files/Futurex. |
|---|---|
| HSM Partition | Prompt to select one of the partitions found in the CryptoHub |
| HSM PIN | This is the CryptoHub identity password configured inside the <CRYPTO-OPR-PASS> tag in the fxpkcs11.cfg file. |
| Common Name (CN) | Common Name (CN) for the CA Root certificate created by CertAgent |
| Organization Name | Organization Name for the CA Root certificate created by CertAgent |
| PKCS #12 Password | Password to be used for PKCS #12 files generated by CertAgent and the CryptoHub |
Make note of the PKCS #12 password, admin TLS port (
<admin port>), and public TLS port (<public port>) you enter during installation. This information is required to import the Certificates for the web browsers to access the CertAgent sites (Administrator Site, Public Site, CA Site).Set the SA password and a user account with a password for the CertAgent database. Be sure to take note of these for future use.
The installer creates the credentials and finalizes the installation process.At the end of the installation, CertAgent creates a
README.txt file. We strongly recommend that you read and follow the instructions for the post-installation steps.Verify the installation
This section verifies that CertAgent is communicating correctly with the CryptoHub.The following requires the certificates installed by CertAgent to be added to the trusted list of your web browser.
After the installation completes, log in to the CryptoHub web UI to verify the keys have successfully been generated.
You can also use the Futurex Command Line Interface (FXCLI) to validate the installation. After you connect, run the following commands to verify the keys exist on the CryptoHub.
FXCLI
FXCLI
If all six keys are present, the installation succeeded.
Open a command terminal and go to the installation location of CertAgent. Then, run the command certagent setpin.
In the web portal, you can use the displayed links to access the following sites:
- The System Administrative Site
- Admin controls over the system and server, including configuration settings. Must connect with the Admin certificate.
- The CA Account Site
- Allows the certificate enrollment, management, CRL, and other settings to be set when connected with the Admin certificate.
- Allows CSRs to be approved, signed, revoked, and other certificate enrollment tasks to be completed when connected with the Operations certificate.
- The Public Site
- Enables users to enroll, upload, and retrieve certificates to and from the CryptoHub when connected with the Client certificate.
Using the Public Site, send a certificate signing request using the Enroll function. Using Internet Explorer, you can generate a key for a certificate to be signed by the CryptoHub. Firefox cannot generate a key for you.