This section offers a quick reference to key prerequisites and high-level implementation steps. For basic testing procedures for the integration, see Validate and test.
Pre-implementation
Ensure your environment complies with the following requirements:
- Install dependencies
  - OpenSC (from source or with package manager under opensc)
- Check OpenSSL version (v3.0 or newer)
- Admin privileges on the HSM
- Nginx
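A preflight check for the host-side prerequisites above, as an added example that is not part of the Futurex documentation. The function names are hypothetical; `pkcs11-tool` is the command-line tool that OpenSC installs, and HSM admin privileges cannot be checked from the host, so they are not covered.

```shell
#!/bin/sh
# Added example: preflight check for the host-side prerequisites.

# Return 0 if a banner, as printed by `openssl version`, reports OpenSSL 3.0
# or newer. Other libraries (for example LibreSSL) are rejected outright,
# because their version numbers do not track OpenSSL's.
openssl_version_ok() {
    banner=$1
    case $banner in
        "OpenSSL "*) ;;
        *) return 1 ;;
    esac
    ver=${banner#OpenSSL }      # e.g. "3.0.13 30 Jan 2024"
    ver=${ver%% *}              # e.g. "3.0.13"
    major=${ver%%.*}            # e.g. "3"
    case $major in
        ''|*[!0-9]*) return 1 ;;   # not a plain number
    esac
    [ "$major" -ge 3 ]
}

# Return 0 if every named command is on PATH; report missing ones on stderr.
have_commands() {
    missing=0
    for cmd in "$@"; do
        if ! command -v "$cmd" >/dev/null 2>&1; then
            echo "missing: $cmd" >&2
            missing=1
        fi
    done
    [ "$missing" -eq 0 ]
}

# Run all host-side checks; return non-zero if any prerequisite is unmet.
preflight() {
    rc=0
    have_commands openssl pkcs11-tool nginx || rc=1
    if command -v openssl >/dev/null 2>&1; then
        banner=$(openssl version)
        if openssl_version_ok "$banner"; then
            echo "ok: $banner"
        else
            echo "OpenSSL 3.0 or newer required, found: $banner" >&2
            rc=1
        fi
    fi
    return $rc
}
```

Source the file and call `preflight` on the Nginx host before starting the implementation steps.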
Implementation
Perform the following high-level steps to implement this integration:

You can complete most tasks in this section by using either Excrypt Manager or FXCLI. The exception is the second option of task 7 (Create connection certificates for mutual authentication), for which you must use FXCLI.

You can optionally complete steps 4 through 6 by using the Guardian Series 3 (see the applicable guide for configuring HSMs for PKCS #11 integrations by using the Guardian Series 3).

If you use a virtual HSM for the integration, you must connect to it over the network through FXCLI, the Excrypt Touch, or the Guardian Series 3.
- Install Futurex PKCS #11 module (FXPKCS11).
- Install Futurex Excrypt Manager (optional; if using Windows to configure the Vectera Plus for the integration).
- Install Futurex Command Line Interface (FXCLI).
- Configure Vectera Plus:
  - Connect to the HSM with a USB to enable Excrypt Manager or FXCLI.
  - Confirm that the Command Primary Mode is General Purpose (GP) and that the PKCS #11 feature is enabled.
  - Configure the HSM network.
  - Load FTK, PMK, and BEK major keys.
  - Configure the transaction processing connection.
  - Create a new application partition for the integration.
  - Create a new identity and give it access to the newly created application partition.
  - Configure Transport Layer Security (TLS) with either server-side or mutual authentication.
- Edit the FXPKCS11 configuration file.
- Install and configure pkcs11-provider.
- Configure the Nginx server with Vectera Plus.
Post-implementation
After completing the integration, perform the following tasks to validate it:
- Use a web browser to validate that Nginx is using the Vectera Plus stored TLS certificate and private key.

