This section offers a quick reference to key prerequisites and high-level implementation steps.Documentation Index
Fetch the complete documentation index at: https://docs.futurex.com/llms.txt
Use this file to discover all available pages before exploring further.
Pre-implementation
- Attain required permissions on Salesforce for the account that will be performing the integration
- Manage Encryption Keys
- Manage Certificates
- Customize Application
- Admin privileges on the HSM
- Check if OpenSSL is installed on device
- Install dependencies
- Python 3.x
Implementation
You can complete most tasks in this section by using either Excrypt Manager or FXCLI. The exception is the second option of task 7 (Create connection certificates for mutual authentication), for which you must use FXCLI.You can optionally complete steps 4 through 6 by using the Guardian Series 3 (see the applicable guide for configuring HSMs for PKCS #11 integrations by using the Guardian Series 3).
If you use a virtual HSM for the integration, you must connect to it over the network through FXCLI, the Excrypt Touch, or the Guardian Series 3.
- Install Futurex PKCS #11 module (FXPKCS11)
- Install Futurex Command Line Interface (FXCLI)
- Configure Vectera
- Connect to the HSM with a USB to enable Excrypt Manager or FXCLI
- Confirm Command Primary Mode is General Purpose (GP), and PKCS #11 feature is enabled
- Configure HSM’s network
- Load FTK , PMK and BEK major keys
- Configure the transaction processing connection
- Create a new application partition for the integration
- Create a new identity and give it access to the newly created application partition
- Configure TLS with either server-side or mutual authentication
- Create & download Salesforce certificate and upload Salesforce public key to HSM
- Upload AES-256 key to HSM and generate hashed & encrypted tenant secrets
- Upload hashed and encrypted tenant secret files to Salesforce