Skip to main content
After deploying the Microsoft OCSP service in CryptoHub, you need to deploy a client endpoint and install the FXCL CNG provider. Endpoints refer to devices that are authorized to access this service. In the Endpoints menu, you can view and filter details about existing endpoints. You can also add new endpoints by selecting [ Add New ]. This prompts you to enter the device address and specify the endpoint.
The Futurex FXCL KMES CNG provider must be installed on the OCSP server. For an Enterprise CA where the OCSP signing certificate is enrolled via template, the provider must also be installed on the CA server so the template can be configured against it.
Perform the following steps to deploy a client endpoint and install the client library files:

Deploy client endpoint

1
Go to the Endpoints menu inside the service you deployed.
2
In the Manage Endpoints menu, select [ Add New ].
3
In the Add Endpoint dialog:
  • Enter a Name for the endpoint.
  • Leave the value set the CryptoHub Hostname that auto-populates.
  • Select the Platform Microsoft OCSP for deployment.
4
Select [ Add Endpoint ].The browser should prompt the user to download a zip file containing the FXCL CNG module and a configuration file pre-configured to connect to your CryptoHub instance.Perform the steps in the next section to install it on the OCSP server. For an Enterprise CA where the OCSP signing certificate is enrolled via template, repeat the deployment and install on the CA server as well.

Install FXCL CNG

Perform the following steps to install the FXCL CNG module:
1
Extract the zip file downloaded in your browser after deploying the service in CryptoHub.
2
Go to the extracted directory, which contains the following files:
  • client.p12
  • CNGInstallUtil.exe
  • config.json
  • InstallCNG.bat
  • libfxcl-cng.dll
  • UninstallCNG.bat
3
Run the InstallCNG.bat file to install FXCL CNG. If the installation fails, create the directory path C:\Program Files\Futurex\fxcl\kmes\cng as an administrator and move all the files extracted from the zip into that directory.

Verify the provider is installed

Confirm the provider is installed and CryptoHub is reachable: 
certutil -csplist
The output should list:
Provider Name: Futurex FXCL KMES CNG
If the provider loads but reports NTE_DEVICE_NOT_READY for an unrelated provider (such as the Microsoft Smart Card Key Storage Provider), that error refers to the smart card provider and can be ignored.