> ## Documentation Index
> Fetch the complete documentation index at: https://docs.futurex.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Quick Reference

> Concise summary of prerequisites and high-level steps for OpenSSL Provider integration.

This section offers a quick reference to key prerequisites and high-level implementation steps. For basic testing procedures for the integration, see [**Validate and test**](./Post-integration_tasks/Validate_and_test).

## Pre-implementation

Ensure your environment complies with the following requirements:

* Install dependencies
  * OpenSC (from source or with package manager under `opensc`)
* Check OpenSSL version (v3.0 or newer)
* Admin privileges on the HSM

## Implementation

Perform the following high-level steps to implement this integration:

<Note>
  You can complete most tasks in this section by using either Excrypt Manager or FXCLI. The exception is the second option of task 7 (Create connection certificates for mutual authentication), for which you must use FXCLI.

  You can optionally complete steps 4 through 6 by using the Guardian Series 3 (see the applicable guide for configuring HSMs for PKCS #11 integrations by using the Guardian Series 3).
</Note>

<Note>
  If you use a virtual HSM for the integration, you must connect to it over the network through FXCLI, the Excrypt Touch, or the Guardian Series 3.
</Note>

* Install Futurex PKCS #11 module (**FXPKCS11)**.
* Install Futurex Excrypt Manager \[Optional - If using Windows to configure the Vectera Plus for the integration]
* Install Futurex Command Line Interface (**FXCLI)**.
* Configure Vectera Plus:
  * Connect to the HSM with a USB to enable Excrypt Manager or FXCLI.
  * Confirm that the Command Primary Mode is **General Purpose (GP)** and that the **PKCS #11** feature is enabled.
  * Configure the HSM network.
  * Load FTK , PMK and BEK major keys.
  * Configure the transaction processing connection.
  * Create a new application partition for the integration.
  * Create a new identity and give it access to the newly created application partition.
  * Configure TLS with either server-side or mutual authentication.
* Edit the FXPKCS11 configuration file.
* Install and configure pkcs11-provider .

## Post-implementation

After you complete the integration, perform the following tasks to validate it:

* Using `opensc`, generate a key pair that will be stored on the Vectera Plus.
* Using `OpenSSL Provider` architecture:
  * Output the public key to a local file
  * Encrypt and decrypt data
  * Sign a file and verify the signature
  * Create a self-signed Root CA
  * Generate a CSR
  * Signed a CSR