Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.futurex.com/llms.txt

Use this file to discover all available pages before exploring further.

Edit the Futurex PKCS #11 configuration file to connect the library to the Vectera Plus HSM.
The default configuration file location on Linux is /etc/fxpkcs11.cfg. To use a custom location, set the FXPKCS11_CFG environment variable.
Open the configuration file and set the following values:
fxpkcs11.cfg
<HSM>
  <SLOT>0</SLOT>
  <LABEL>Futurex</LABEL>
  <CRYPTO-OPR>[identity_name]</CRYPTO-OPR>
  <CRYPTO-OPR-PASS>[identity_password]</CRYPTO-OPR-PASS>
  <ADDRESS>[hsm_ip_address]</ADDRESS>
  <PROD-PORT>9100</PROD-PORT>
  <PROD-TLS-ENABLED>YES</PROD-TLS-ENABLED>
  <PROD-TLS-ANONYMOUS>NO</PROD-TLS-ANONYMOUS>
  <PROD-TLS-CA>[ca_cert_path]</PROD-TLS-CA>
  <PROD-TLS-KEY>[pkcs12_path]</PROD-TLS-KEY>
  <PROD-TLS-KEY-PASS>[pkcs12_password]</PROD-TLS-KEY-PASS>
  <FX-LOAD-BALANCE>NO</FX-LOAD-BALANCE>
</HSM>
FieldDescription
SLOTSlot number (default: 0)
LABELLabel for the HSM slot (default: Futurex)
CRYPTO-OPRIdentity name created on the Vectera Plus
CRYPTO-OPR-PASSPassword for the identity
ADDRESSIP address or hostname of the Vectera Plus
PROD-PORTExcrypt port (default: 9100)
PROD-TLS-ENABLEDEnable TLS (YES or NO)
PROD-TLS-ANONYMOUSAnonymous TLS mode (YES or NO)
PROD-TLS-CAPath to the CA certificate chain file
PROD-TLS-KEYPath to the client PKCS #12 file
PROD-TLS-KEY-PASSPassword for the PKCS #12 file
FX-LOAD-BALANCEEnable load balancing (YES or NO)
Ensure the ADSS Server process user (typically root) has read permissions on the configuration file, PKCS #12 file, and CA certificate chain file. The paths must be absolute.

Add special defines for FIPS mode

If the Vectera Plus operates in FIPS mode, add the following defines to the configuration file: 
<CRYPTO-OPR2>[second_identity_name]</CRYPTO-OPR2>
<FORCED-ASYMMETRIC-USAGE>SIGN | VERIFY</FORCED-ASYMMETRIC-USAGE>
<KEY-REQUIRE-LOGIN>NO</KEY-REQUIRE-LOGIN>