Data protection
OpenSSL Provider
Quick Reference
This section offers a quick reference to key prerequisites and high-level implementation steps. For basic testing procedures for the integration, see Validate and test.

Pre-implementation

Ensure your environment complies with the following requirements:

- Install dependencies: OpenSC (from source or with package manager under opensc)
- Check OpenSSL version (v3.0 or newer)
- Admin privileges on the HSM

Implementation

Perform the following high-level steps to implement this integration.

You can complete most tasks in this section by using either Excrypt Manager or fxcli. The exception is the second option of task 7 (Create connection certificates for mutual authentication), for which you must use fxcli.

You can optionally complete steps 4 through 6 by using the {{guard}} (see the applicable guide for configuring HSMs for PKCS #11 integrations by using the {{guard}}).

If you use a virtual HSM for the integration, you must connect to it over the network through fxcli, the Excrypt Touch, or the {{guard}}.

- Install {{futurex}} PKCS #11 module (fxpkcs11)
- Install {{futurex}} Excrypt Manager [optional if using Windows to configure the Vectera Plus for the integration]
- Install {{futurex}} command line interface (fxcli)
- Configure {{vectera}}
  - Connect to the HSM with a USB to enable Excrypt Manager or fxcli
  - Confirm that the command primary mode is General Purpose (GP) and that the PKCS #11 feature is enabled
  - Configure the HSM network
  - Load {{ftk}}, {{pmk}} and {{bek}} major keys
  - Configure the transaction processing connection
  - Create a new application partition for the integration
  - Create a new identity and give it access to the newly created application partition
  - Configure TLS with either server-side or mutual authentication
- Edit the fxpkcs11 configuration file
- Install and configure {{pkcs11 provider}}

Post-implementation

After you complete the integration, perform the following tasks to validate it:

- Using OpenSC, generate a key pair that will be stored on the {{vectera}}
- Using OpenSSL provider architecture, output the public key to a local file
- Encrypt and decrypt data
- Sign a file and verify the signature
- Create a self-signed root CA
- Generate a CSR
- Sign a CSR
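
The client-side pre-implementation requirements (OpenSC installed, OpenSSL v3.0 or newer) can be checked with a short script before starting. The script below is an added example and not part of the vendor's documentation; the function names and the `--check` argument are hypothetical. It rejects LibreSSL, which some systems install as the `openssl` command and which reports 3.x version numbers without offering the provider architecture.

```shell
#!/bin/sh
# Added example: client-host check for the pre-implementation requirements.
# Function names and the --check argument are illustrative, not vendor tooling.

# Succeeds only if the given `openssl version` output is genuine OpenSSL 3.0+.
# The vendor word is checked as well as the major number, because LibreSSL
# also prints 3.x versions but cannot load providers.
openssl_supports_providers() {
    ver_line=$1
    vendor=${ver_line%% *}      # first word, e.g. "OpenSSL" or "LibreSSL"
    rest=${ver_line#* }         # remainder, e.g. "3.0.13 30 Jan 2024 ..."
    version=${rest%% *}         # e.g. "3.0.13"
    major=${version%%.*}        # e.g. "3"
    [ "$vendor" = "OpenSSL" ] || return 1
    case $major in
        ''|*[!0-9]*) return 1 ;;    # missing or non-numeric major version
    esac
    [ "$major" -ge 3 ]
}

# Runs both checks on the local machine and reports every failure,
# rather than stopping at the first one.
preflight() {
    status=0
    ver_line=$(openssl version 2>/dev/null)
    if openssl_supports_providers "$ver_line"; then
        echo "ok:   $ver_line"
    else
        echo "FAIL: need OpenSSL 3.0 or newer, found: ${ver_line:-no openssl on PATH}"
        status=1
    fi
    # pkcs11-tool is the OpenSC utility used later to generate the key pair.
    if command -v pkcs11-tool >/dev/null 2>&1; then
        echo "ok:   OpenSC pkcs11-tool found"
    else
        echo "FAIL: OpenSC not installed (pkcs11-tool not on PATH)"
        status=1
    fi
    return "$status"
}

# Only touch the local system when explicitly asked to.
if [ "${1:-}" = "--check" ]; then
    preflight
fi
```

Admin privileges on the HSM cannot be verified from the client host and still need to be confirmed separately.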