Quick Reference

this section offers a quick reference to key prerequisites and high level implementation steps for basic testing procedures for the integration, see validate and test docid\ txxboe9tdtaizi5r0htw8 pre implementation ensure your environment complies with the following requirements install dependencies opensc (from source or with package manager under opensc ) openvpn access server python 3 6 and newer python library asn1crypto check openssl version (v3 0 or newer) admin privileges on the {{vectera}} implementation you can complete most tasks in this section by using either excrypt manager or fxcli the exception is the second option of task 7 ( create connection certificates for mutual authentication ), for which you must use fxcli you can optionally complete steps 4 through 6 by using the guardian series 3 (see the applicable guide for configuring hsms for pkcs #11 integrations by using the guardian series 3) if you use a virtual hsm for the integration, you must connect to it over the network through fxcli, the excrypt touch, or the guardian series 3 install futurex pkcs #11 module ( fxpkcs11 ) install futurex commande line interface ( fxcli ) configure vectera connect to the hsm with a usb to enable excrypt manager or fxcli confirm command primary mode is general purpose (gp), and pkcs #11 feature is enabled configure hsm's network load {{ftk}} , {{pmk}} , and {{bek}} major keys configure the transaction processing connection create a new application partition for the integration create a new identity and give it access to the newly created application partition configure tls with either server side or mutual authentication edit the fxpkcs11 configuration file install and configure {{pkcs11 provider}} prepare cryptographic material for access server set access server in external pki mode (optional) create server ca generate server certificate and key generate client certificate and key configure access server and setup a test client generate tls auth key generate diffie hellman parameters import certificate and key files to access server configure test client on access server admin ui generate and download a server locked profile for the client install the profile and p12 file to openvpn connect v3 application post implementation after you complete the integration, perform the following tasks to validate it using openvpn connect application, validate the connection by connecting to the vpn using the certificate and p12 file