Load the Futurex PKCS #11 Library into Cert Agent

perform the following steps to install and set up certagent internet explorer and firefox support its web based interface double click the certagent 7 0 5 x64 exe and follow the on screen instructions when prompted, choose the listening port to be created for the hypersql database if port 9001 is already in use, you can use 9002 or 9003 certagent prompts you to create tls ports and credentials for admin and public web interfaces after installing, configure the following details information description pkcs11 library path select \[ browse ] and select the location of fxpkcs11 dll on the hard drive (the default pkcs11 install location is c /program files/futurex ) hsm partition prompt to select one of the partitions found in the hsm hsm pin this is the password for the identity created previously common name (cn) common name for the ca root certificate that the certagent creates organization name organization name for the ca root certificate that certagent creates pkcs #12 password password to be used for pkcs #12 files the certagent and the {{vectera}} generate be sure to note the pkcs #12 password, admin tls port (< admin port >), and public tls port (< public port >) you enter during installation you need this information to import the certificates for the web browsers to access the certagent sites (administrator site, public site, ca site) next, set the sa password along with a user account and password for the certagent database be sure to note these for future use the installer creates the credentials and finalizes the installation process during the installation process, you can check the following logs c \temp\fxpkcs11 log for status related to all actions through the pkcs11 library c \program files\certagent7\install log for certagent installation status c \program files\certagent7\install hsql log for hypersql installation status at the end of the installation, certagent creates a readme txt file we recommend you read and follow the instructions for post installation steps installation verification perform the following steps to ensure certagent communicates correctly with the {{vectera}} the following procedure requires you to add the certificates installed by certagent to the trusted list of your web browser after the installation completes, you can log in to the hsm through excrypt manager to verify the keys are generated and stored on the hsm you can use fxcli to validate this installation after you connect by using the connect usb command, you must run the following commands to verify the keys exist in the {{vectera}} fxcli login user fxcli login user fxcli keytable list if all six keys are present, the installation was successful open a command terminal and go to the installation location of certagent then run the certagent setpin command to set a pin in the terminal, go to the system pin entry page shown in the readme txt and follow the instructions provided in the file after you set the system pin entry, review the readme txt file to find the links for the system administrative site, the ca account site, and the public site site description system administrative site admin controls over the system and server configuration settings can be done here as well must connect with the admin certificate ca account site when connected with the admin certificate, it allows you to set the certificate enrollment, management, crl, and other settings when connected with the operations certificate, it allows you to approve, sign, and revoke csrs and complete other certificate enrollment tasks public site when connected with the client certificate, it allows you to enroll, upload, and retrieve certificates to and from the hsm using the public site, send a certificate signing request by using the enroll function using internet explorer, you can generate a key for a certificate to be signed by the hsm firefox cannot generate a key for you after sending in a csr, log in to the ca account site using the operations certificate, find the certificate in the pending section, and issue it proper application configuration with the hsm enables you to use the web to issue and retrieve the certificate