Quick reference

this section offers a quick reference to key prerequisites and high level implementation steps for basic testing procedures for the integration, see validate and test docid\ gxpyt yutdkqgrgvcqfug pre implementation ensure your environment complies with the following requirements install dependencies opensc (from source or with package manager under opensc ) bind (from source, v9 20 or newer) check openssl version (v3 0 or newer) admin privileges on the hsm implementation perform the following high level steps to implement this integration you can complete most tasks in this section by using either excrypt manager or fxcli the exception is the second option of task 7 ( create connection certificates for mutual authentication ), for which you must use fxcli you can optionally complete steps 4 through 6 by using the {{guard}} (see the applicable guide for configuring hsms for pkcs #11 integrations by using the {{guard}} ) if you use a virtual hsm for the integration, you must connect to it over the network through fxcli, the excrypt touch, or the {{guard}} install {{futurex}} pkcs #11 module ( fxpkcs11) install {{futurex}} command line interface ( fxcli) configure {{vectera}} connect to the hsm with a usb to enable excrypt manager or fxcli confirm that the command primary mode is general purpose (gp) and that you enable the pkcs #11 feature configure the hsm network load {{ftk}} , {{pmk}} and {{bek}} major keys configure the transaction processing connection create a new application partition for the integration create a new identity and give it access to the newly created application partition configure tls with either server side or mutual authentication edit the fxpkcs11 configuration file install and configure {{pkcs11 provider}} post implementation after you complete the integration, perform the following tasks to validate it generate keys with opensc convert hsm stored keys to be compatible with the bind interface sign the zone with the bind9 compatible keys