Windows
Perform the following instructions to install FXPKCS11 on Windows:Extract the Endpoint zip file downloaded in your browser after deploying the service in CryptoHub. The zip file contains the following files:
PKCS11Manager.exe | Program to test the connection to the CryptoHub and perform basic functions through the FXPKCS11 module, such as logging in and generating random data. |
|---|---|
ca-chain.pem | CA certificate bundle |
client-cert.pem | Client TLS certificate |
client.p12 | Full Client PKI in encrypted PKCS #12 format (contains the CA chain, client certificate, and client private key) |
configTest.exe | Program to test the configuration and connection to the CryptoHub |
fxpkcs11.cfg | Configuration file for the Futurex PKCS #11 library |
fxpkcs11.dll | The Futurex PKCS #11 library file. |
CryptoHub <number>.cer | Auto-generated self-signed CA certificate used to issue client endpoint TLS certs (number is random) |
Futurex Test Root CA (ECC).cer or Futurex Test Root SSL CA.cer | Futurex Test Root CA for embedded Futurex Test TLS certs (ECC or RSA, based on the algorithm configured for the connection pair) |
Move all of the preceding FXPKCS11 files to
C:\Program Files\Futurex\fxpkcs11. Create the Futurex\fxpkcs11 directory as an administrator.The Futurex PKCS #11 module expects to find the FXPKCS11 configuration file (
fxpkcs11.cfg) in the C:\Program Files\Futurex\fxpkcs11 directory by default. If you want to store the config elsewhere, set the FXPKCS11_CFG environment variable to the full path of the config file. Ensure the TLS files referenced in the config are also in the same directory.Linux
Perform the following instructions to install FXPKCS11 on Linux:Extract the zip file downloaded from CryptoHub. The zip file contains the following files:
PKCS11Manager | Program to test the connection to the CryptoHub and perform basic functions through the FXPKCS11 module, such as logging in and generating random data. |
|---|---|
ca-chain.pem | CA certificate bundle |
client-cert.pem | Client TLS certificate |
client.p12 | Full Client PKI in encrypted PKCS #12 format (contains the CA chain, client certificate, and client private key) |
configTest | Program to test the configuration and connection to the CryptoHub |
fxpkcs11.cfg | Configuration file for the Futurex PKCS #11 library |
libfxpkcs11.so | The Futurex PKCS #11 library file. |
CryptoHub <number>.cer | Auto-generated self-signed CA certificate used to issue client endpoint TLS certs (number is random) |
Futurex Test Root CA (ECC).cer or Futurex Test Root SSL CA.cer | Futurex Test Root CA for embedded Futurex Test TLS certs (ECC or RSA, based on the algorithm configured for the connection pair) |
Move all the preceding files to one of the following locations:
- To make the FXPKCS11 library accessible system-wide, use sudo to move the files to the
/usr/local/lib/fxpkcs11directory. - To make the FXPKCS11 library accessible only for the current user, move the files to the
$HOME/lib/fxpkcs11directory.
You can find the PKCS11 PIN in the <CRYPTO-OPR-PASS> parameter in the Futurex PKCS #11 configuration file (
fxpkcs11.cfg).For PKCS #11 integrations that enable you to define the PKCS11 PIN inside the integrating application, we recommend removing the <CRYPTO-OPR-PASS> line from the FXPKCS11 configuration file.