Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.futurex.com/llms.txt

Use this file to discover all available pages before exploring further.

Applications use the Futurex Client Library (FXCL), a set of functions offered through either Java (Java Native Interface) or C++, to access cryptographic processing and key management functionality.

Install FXCL CNG

To maintain system security, install and operate only copies of FXCL that you get directly from us. A member of the Solutions Architect team either provides the files or makes them available for download on the Futurex Portal or equivalent Futurex-operated file distribution platform.
1
Download or copy the fxcl-x.x.x-win64.zip file to the computer where you plan to run the Microsoft AD CS instance.
2
Unzip the file in any directory, then go to the fxcl-x.x.x-win64\bin folder.
3
Run the InstallCNG.bat file to install FXCL CNG. If the installation fails, copy all of the files in the bin\ folder to C:\Program Files\Futurex\fxcl\kmes\cng\, and change the cng.config.json file name to config.json.

Configure FXCL CNG

Perform the following steps to configure FXCL CNG:
1
Create a Certs\ directory in C:\ (i.e., C:\Certs) and copy all of the TLS connection certificates to the Certs\ folder.
2
Create a Futurex\ directory in C:\ (i.e., C:\Futurex). The FXCL CNG configuration file will be configured to output the FXCL CNG logs to the Futurex\ directory.
3
Edit the config.json file to point to the TLS connection certificates and the network-connected KMES Series 3 device. An example config.json file is shown here:
None
{
    // Enables output via DebugOutputString
    // (default: false)
    // Note that regardless of this setting, output is
    // placed in the debug view while loading the config.
    "enable_debug_view": false,

    // A file to place logs into. Optional.
    // If not provided, no log file is made.
    "log_file": "C:\\Futurex\\fxcl.log",

    // Level of logging to emit. Case insensitive.
    // possible values: None, Error, Info, Debug, Traffic (default: Info)
    "log_level": "traffic",

    // What kind of key storage unit is this?
    // possible values: kmes (default: kmes)
    // Not currently used, it always uses kmes.
    "driver": "kmes",

    // The host to connect to. Required.
    "host": "10.0.8.22:2001",

    // A PEM file containing a list of trusted CA certificates. Required.
    "ca": "C:\\Certs\\tls_ca.pem",

    // A P12 file containing leaf certificate and key. Required.
    "p12": "C:\\Certs\\PKI.p12",

    // Password to unlock the P12 file. Optional.
    // If not given, assumes it doesn't need a password.
    "p12_pass": "safest"
}
The tls_ca.pem file is the Root CA certificate, and the PKI.p12 file is the AD CS certificate exported as a PKCS #12 file in Configure KMES Series 3 section.