> ## Documentation Index
> Fetch the complete documentation index at: https://docs.futurex.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Edit the Futurex PKCS #11 configuration file

> Configure the Futurex PKCS #11 configuration file to connect to the Vectera Plus.

*Edit the Futurex PKCS #11 configuration file to connect the library to the Vectera Plus HSM.*

<Note>
  The default configuration file location on Linux is `/etc/fxpkcs11.cfg`. To use a custom location, set the `FXPKCS11_CFG` environment variable.
</Note>

Open the configuration file and set the following values:

```xml title="fxpkcs11.cfg" theme={null}
<HSM>
  <SLOT>0</SLOT>
  <LABEL>Futurex</LABEL>
  <CRYPTO-OPR>[identity_name]</CRYPTO-OPR>
  <CRYPTO-OPR-PASS>[identity_password]</CRYPTO-OPR-PASS>
  <ADDRESS>[hsm_ip_address]</ADDRESS>
  <PROD-PORT>9100</PROD-PORT>
  <PROD-TLS-ENABLED>YES</PROD-TLS-ENABLED>
  <PROD-TLS-ANONYMOUS>NO</PROD-TLS-ANONYMOUS>
  <PROD-TLS-CA>[ca_cert_path]</PROD-TLS-CA>
  <PROD-TLS-KEY>[pkcs12_path]</PROD-TLS-KEY>
  <PROD-TLS-KEY-PASS>[pkcs12_password]</PROD-TLS-KEY-PASS>
  <FX-LOAD-BALANCE>NO</FX-LOAD-BALANCE>
</HSM>
```

| Field              | Description                                 |
| ------------------ | ------------------------------------------- |
| SLOT               | Slot number (default: `0`)                  |
| LABEL              | Label for the HSM slot (default: `Futurex`) |
| CRYPTO-OPR         | Identity name created on the Vectera Plus   |
| CRYPTO-OPR-PASS    | Password for the identity                   |
| ADDRESS            | IP address or hostname of the Vectera Plus  |
| PROD-PORT          | Excrypt port (default: `9100`)              |
| PROD-TLS-ENABLED   | Enable TLS (`YES` or `NO`)                  |
| PROD-TLS-ANONYMOUS | Anonymous TLS mode (`YES` or `NO`)          |
| PROD-TLS-CA        | Path to the CA certificate chain file       |
| PROD-TLS-KEY       | Path to the client PKCS #12 file            |
| PROD-TLS-KEY-PASS  | Password for the PKCS #12 file              |
| FX-LOAD-BALANCE    | Enable load balancing (`YES` or `NO`)       |

<Warning>
  Ensure the ADSS Server process user (typically `root`) has read permissions on the configuration file, PKCS #12 file, and CA certificate chain file. The paths must be absolute.
</Warning>

## Add special defines for FIPS mode

If the Vectera Plus operates in FIPS mode, add the following defines to the configuration file:

```xml theme={null}
<CRYPTO-OPR2>[second_identity_name]</CRYPTO-OPR2>
<FORCED-ASYMMETRIC-USAGE>SIGN | VERIFY</FORCED-ASYMMETRIC-USAGE>
<KEY-REQUIRE-LOGIN>NO</KEY-REQUIRE-LOGIN>
```
