
Edit the Futurex PKCS #11 configuration file

The `fxpkcs11.cfg` file enables you to set the FXPKCS #11 library to connect to the {{k3}}. To edit the file, run a text editor as an administrator on Windows or as root on Linux and edit the configuration file accordingly. Most notably, you must set the fields described in this section inside the `<KMS>` section of the file.

Our PKCS #11 library expects to find the PKCS #11 config file in a certain location (`C:\Program Files\Futurex\fxpkcs11\fxpkcs11.cfg` for Windows and `/etc/fxpkcs11.cfg` for Linux), but you can override that location by using the `FXPKCS11_CFG` environment variable.

To configure the `fxpkcs11.cfg` file, edit the following sections of the partial file sample:

```
<KMS>
    # Which PKCS11 slot
    <SLOT>                  0                                       </SLOT>

    # Login username
    <CRYPTO-OPR>            vsec                                    </CRYPTO-OPR>

    # Key group name
    <KEYGROUP-NAME>         vsec_symmetric_keygroup                 </KEYGROUP-NAME>

    # Connection information
    <ADDRESS>               10.0.8.20                               </ADDRESS>
    <PROD-PORT>             2001                                    </PROD-PORT>
    <PROD-TLS-ENABLED>      YES                                     </PROD-TLS-ENABLED>
    <PROD-TLS-ANONYMOUS>    NO                                      </PROD-TLS-ANONYMOUS>
#   <PROD-TLS-CA>           /home/user/tls/root.pem                 </PROD-TLS-CA>
#   <PROD-TLS-CERT>         /home/user/tls/signed_client_cert.pem   </PROD-TLS-CERT>
    <PROD-TLS-KEY>          /home/user/tls/vsec_client_cert.p12     </PROD-TLS-KEY>
    <PROD-TLS-KEY-PASS>     safest                                  </PROD-TLS-KEY-PASS>

    # YES = This is communicating through a Guardian
    <FX-LOAD-BALANCE>       NO                                      </FX-LOAD-BALANCE>
</KMS>
```

| Field | Description |
| --- | --- |
| `<SLOT>` | Can leave set to the default value of `0`. |
| `<CRYPTO-OPR>` | Specify the name of the identity created on the {{k}}. |
| `<KEYGROUP-NAME>` | Can leave set to the default value, `keygroup1`, or specify a different name, as shown above. |
| `<ADDRESS>` | Specify the IP address of the {{k}} to which the PKCS #11 library should connect. |
| `<PROD-PORT>` | Set the PKCS #11 library to connect to the default Host API port on the {{k}}, port `2001`. |
| `<PROD-TLS-ENABLED>` | Set the field to `YES`. The only way to connect to the Host API port on the {{k}} is over TLS. |
| `<PROD-TLS-ANONYMOUS>` | Set this value to `NO` because you're connecting to the Host API port by using mutual authentication. This field defines whether the PKCS #11 library authenticates to the {{k}}. |
| `<PROD-TLS-CA>` | Because you use a PKCS #12 file to connect, remove or comment out this tag. |
| `<PROD-TLS-CERT>` | Because you use a PKCS #12 file to connect, remove or comment out this tag. |
| `<PROD-TLS-KEY>` | Specify the location of the PKCS #12 file you exported for this integration. This file contains the Versasec private key and certificate, encrypted under the password specified in the `<PROD-TLS-KEY-PASS>` field. |
| `<PROD-TLS-KEY-PASS>` | Set the password of the PKCS #12 file. |
| `<FX-LOAD-BALANCE>` | Set this field to `YES` if you use a Guardian to manage {{k3}} devices in a cluster. If you don't use a Guardian, set it to `NO`. |

For additional details, see the {{k}} PKCS #11 technical reference on the {{futurex}} Portal.

After you edit the `fxpkcs11.cfg` file, run the `PKCS11Manager` file to test the connection against the {{k3}}, and check the `fxpkcs11.log` for errors and information.

Special defines required for this integration

For the Versasec integration, add the following defines to the `<CONFIG>` section of the `fxpkcs11` configuration file:

```
# Required for the vSEC integration
<KEY-REQUIRE-LOGIN>     NO      </KEY-REQUIRE-LOGIN>
<ALLOW-DUPLABELS>       YES     </ALLOW-DUPLABELS>
<ENFORCE-IMMUTABLE>     NO      </ENFORCE-IMMUTABLE>
```
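The following check is an added example, not part of the Futurex tooling or the original page: it reads an `fxpkcs11.cfg` file's text and reports where it deviates from the settings this page prescribes. It assumes one setting per line with `#` marking a commented-out line, as in the sample above, and it ignores section boundaries; `parse_cfg`, `check_cfg` and the sample values are hypothetical names and placeholders.

```python
import re

# Constructed sample in the layout shown on this page; all values are placeholders.
SAMPLE_CFG = """\
<KMS>
    <ADDRESS> 10.0.8.20 </ADDRESS>
    <PROD-TLS-ENABLED> YES </PROD-TLS-ENABLED>
    <PROD-TLS-ANONYMOUS> NO </PROD-TLS-ANONYMOUS>
#   <PROD-TLS-CA> /home/user/tls/root.pem </PROD-TLS-CA>
    <PROD-TLS-KEY> /home/user/tls/client.p12 </PROD-TLS-KEY>
    <PROD-TLS-KEY-PASS> placeholder </PROD-TLS-KEY-PASS>
</KMS>
<CONFIG>
    <KEY-REQUIRE-LOGIN> NO </KEY-REQUIRE-LOGIN>
    <ALLOW-DUPLABELS> YES </ALLOW-DUPLABELS>
    <ENFORCE-IMMUTABLE> NO </ENFORCE-IMMUTABLE>
</CONFIG>
"""

TAG = re.compile(r"<([A-Z0-9-]+)>\s*(.*?)\s*</\1>")
# Values this page prescribes for the Versasec integration.
REQUIRED = {"PROD-TLS-ENABLED": "YES", "PROD-TLS-ANONYMOUS": "NO",
            "KEY-REQUIRE-LOGIN": "NO", "ALLOW-DUPLABELS": "YES",
            "ENFORCE-IMMUTABLE": "NO"}
NEEDS_VALUE = ("ADDRESS", "PROD-TLS-KEY", "PROD-TLS-KEY-PASS")
COMMENTED_OUT = ("PROD-TLS-CA", "PROD-TLS-CERT")  # unused with a PKCS #12 file

def parse_cfg(text):
    """Return {tag: value} for active one-line settings; '#' lines are skipped."""
    settings = {}
    for line in text.splitlines():
        match = TAG.search(line)
        if match and not line.lstrip().startswith("#"):
            settings[match.group(1)] = match.group(2)
    return settings

def check_cfg(text):
    """Return a list of deviations from the settings described on this page."""
    cfg, findings = parse_cfg(text), []
    for tag, want in REQUIRED.items():
        if cfg.get(tag, "").upper() != want:
            findings.append(f"{tag}: expected {want}, found {cfg.get(tag)!r}")
    findings += [f"{t}: missing or empty" for t in NEEDS_VALUE if not cfg.get(t)]
    findings += [f"{t}: comment out when using a PKCS #12 file"
                 for t in COMMENTED_OUT if t in cfg]
    return findings

if __name__ == "__main__":
    for finding in check_cfg(SAMPLE_CFG) or ["no deviations found"]:
        print(finding)
```

Because `<PROD-TLS-KEY-PASS>` holds the PKCS #12 password in clear text, keep the configuration file readable only by the account that loads the library.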