Edit the Futurex CNG configuration file

the {{futurex}} cng library uses the {{futurex}} cng configuration file, fxcng cfg , to connect to the hsm it enables you to modify certain configurations and set connection details this section covers the \<hsm> portion of the fxcng configuration file where you configure the connection details by default, the fxcng library looks for the configuration file at c \program files\futurex\fxcng\fxcng cfg alternatively, you can set the fxcng cfg environment variable to the location of the fxcng cfg file open the fxcng cfg file in a text editor as an administrator and edit it accordingly \<hsm> \# which pkcs11 slot \<slot> 0 \</slot> \<label> futurex \</label> \# hsm crypto operator user name \<crypto opr> \[identity name] \</crypto opr> \# automatically login on session open \<crypto opr pass> \[identity password] \</crypto opr pass> \# connection information \<address> 10 0 8 30 \</address> \<prod port> 9100 \</prod port> \<prod tls enabled> yes \</prod tls enabled> \<prod tls anonymous> no \</prod tls anonymous> \# windows certificate store \<prod tls engine> windows \</prod tls engine> \<prod tls win store> my \</prod tls win store> \<prod tls key> futurex cng \</prod tls key> \<prod tls ca> /path/to/tlsca pem \</prod tls ca> \# \<prod tls ca> /home/user/tls/root pem \</prod tls ca> \# \<prod tls ca> /home/user/tls/sub1 pem \</prod tls ca> \# \<prod tls ca> /home/user/tls/sub2 pem \</prod tls ca> \# \<prod tls key> c \tls\clientpki p12 \</prod tls key> \# \<prod tls key pass> safest \</prod tls key pass> \# yes = this is communicating through a guardian \<fx load balance> no \</fx load balance> \</hsm> field description \<slot> leave set to the default value of 0 \<label> leave set to the default value of futurex \<crypto opr> specify the name of the identity created for the application partition \<crypto opr pass> specify the password of the identity configured in the \<crypto opr> field you can use this to log the application into the hsm automatically if necessary \<address> specify the ip address of the hsm to which the fxcng library should connect \<prod port> set the port number of the hsm that the fxcng library should connect to \<prod tls enabled> set the field to yes \<prod tls anonymous> defines whether the fxpkcs11 library authenticates to the server \<prod tls engine> setting the define to windows specifies the tls connection certificate is saved in the windows certificate store rather than on the local file system \<prod tls win store> specifying my in this field tells the fxcng library to look for the tls client certificate in the personal windows certificate store \<prod tls key> specifies the common name of the tls client certificate \<prod tls ca> you can use multiple instances of this define to specify where to save the ca certificates in the file system fxcng does not pull cas from the windows certificate store \<fx load balance> if you use a guardian to manage hsm devices in a cluster, set this field to yes if you don't use a guardian, set it to no after you finish editing the fxcng cfg file, run the cnginstallutil file to test the connection against the hsm, and check the fxcng install log txt file for errors and information