Add the Futurex HSM as a PKCS #11 crypto source

Register the Futurex Vectera Plus as a PKCS #11 crypto source in ADSS Server.

Open the ADSS Admin Console

Navigate to the ADSS Admin Console (default: https://<host>:8774/adss/console) and log in with administrator credentials.

Navigate to Crypto Sources

Go to Key Manager > Crypto Sources.

Add a new PKCS #11 crypto source

Click New.

Configure the crypto source

Enter the following settings:

Setting	Value
Status	Select Active
Friendly Name	A descriptive name (e.g., Futurex HSM)
Crypto Source Vendor	Select Other
Interface Type	Select PKCS#11
PKCS#11 Module	Path to the FxPKCS11 library file (e.g., `/usr/local/lib/fxpkcs11/libfxpkcs11.so`)

Fetch Slots

Click Fetch Slots.

Define the PKCS#11 slot and PIN

Enter the following settings:

Setting	Value
PKCS#11 Slot	Select `0`
PKCS#11 PIN	Enter the password for the identity you defined in the FxPKCS11 configuration file
PKCS#11 Connection Pool Size	Use the default value of `30`
PKCS#11 Monitoring Interval	Use the default value of `360`
Enable FIPS mode	Leave the box unchecked unless you need to use FIPS mode
Copy certificates to device	Leave the box unchecked
Key Template	Select Default PKCS#11 Key Template
Key Wrapping	Select No key wrapping

Test the connection

Click Test Connection. You should see, “Connection with the PKCS#11 module is successful”.

Save the configuration

Click Save. You must restart all instances in Server Manager to make the changes take effect.

Restart instances and services

Go to Server Manager and click Restart All Instances. Then restart the ADSS Windows Services or Unix Daemons. Adding a new PKCS #11 module requires a full service restart, not just an instance restart.

Verify the PKCS#11 crypto source is available

Go to Key Manager > Crypto Sources and verify that the status for the PKCS#11 crypto source is showing as Available.

⌘I