Skip to main content
This section offers a quick reference to key prerequisites, high-level implementation steps, and post-implementation validation and follow-up tasks related to the integration.

Pre-implementation

  • Install dependencies
    • OpenSC (from source or with package manager under opensc)
    • BIND (from source, v9.20 or newer)
  • Check OpenSSL version (v3.0 or newer)
  • Admin privileges on the KMES Series 3

Implementation

  • Install Futurex PKCS #11 module (FXPKCS11)
  • Configure KMES Series 3
    • Create a new application partition (KMES Series 3 role)
    • Create a new identity and give it access to the newly created application partition
    • Enable necessary Host API commands
    • Configure TLS with server-side authentication
  • Edit FXPKCS11 configuration file
  • Install and configure pkcs11-provider

Post-implementation

  • Generate keys with OpenSC
  • Convert KMES Series 3 stored keys to be compatible with BIND interface
  • Sign the zone with the BIND9-compatible keys