Certificate management
Microsoft Windows Certificate ...

Edit the Futurex CNG configuration file

16min

The CNG library uses the CNG configuration file, fxcng.cfg, to connect to the HSM. It enables you to modify certain configurations and set connection details. This section covers the <HSM> portion of the FXCNG configuration file where you configure the connection details.

By default, the FXCNG library looks for the configuration file at C:\Program Files\Futurex\fxcng\fxcng.cfg. Alternatively, you can set the FXCNG_CFG environment variable to the location of the fxcng.cfg file.

Open the fxcng.cfg file in a text editor as an administrator and edit it accordingly.

Text


Field

Description



<SLOT>

Leave set to the default value of 0.



<LABEL>

Leave set to the default value of Futurex.



<CRYPTO-OPR>

Specify the name of the identity created for the application partition.



<CRYPTO-OPR-PASS>

Specify the password of the identity configured in the <CRYPTO-OPR> field. You can use this to log the application into the HSM automatically if necessary.



<ADDRESS>

Specify the IP address of the HSM to which the FXCNG library should connect.



<PROD-PORT>

Set the port number of the HSM that the FXCNG library should connect to.



<PROD-TLS-ENABLED>

Set the field to YES.



<PROD-TLS-ANONYMOUS>

Defines whether the FXPKCS11 library authenticates to the server.



<PROD-TLS-ENGINE>

Setting the define to WINDOWS specifies the TLS connection certificate is saved in the Windows Certificate Store rather than on the local file system.



<PROD-TLS-WIN-STORE>

Specifying My in this field tells the FXCNG library to look for the TLS client certificate in the Personal Windows Certificate Store.



<PROD-TLS-KEY>

Specifies the Common Name of the TLS client certificate.



<PROD-TLS-CA>

You can use multiple instances of this define to specify where to save the CA certificates in the file system. FXCNG does not pull CAs from the Windows Certificate Store.



<FX-LOAD-BALANCE>

If you use a Guardian to manage HSM devices in a cluster, set this field to YES.

If you don't use a Guardian, set it to NO.



After you finish editing the fxcng.cfg file, run the CNGInstallUtil file to test the connection against the HSM, and check the FxCNG-Install-Log.txt file for errors and information.

Define integration-specific configurations

For this integration, you must add the following define to the <CONFIG> section of the FXCNG configuration file:

Text