Edit the Futurex PKCS #11 configuration file
If you plan to run Oracle Database in a Docker container, skip this section. A later section covers the steps to configure the Futurex PKCS #11 configuration file specific to a container implementation.
The fxpkcs11.cfg file enables you to set the FXPKCS #11 library to connect to the . To edit the file, run a text editor as an Administrator on Windows or as root on Linux, and edit the configuration file accordingly. Most notably, you must set the fields described in this section inside the <KMS> section of the file.
Our PKCS #11 library expects to find the PKCS #11 config file at C:\Program Files\Futurex\fxpkcs11\fxpkcs11.cfg on Windows and /etc/fxpkcs11.cfg on Linux, but you can override that location by using the FXPKCS11_CFG environment variable.
To configure the fxpkcs11.cfg file, edit the following sections of the partial file sample:
| Field | Description |
| --- | --- |
| <SLOT> | Can leave it set to the default value of 0. |
| <LOG-FILE> | Set the path of the PKCS #11 log file. |
| <PROD-TLS-ENABLED> | |
| <PROD-TLS-ANONYMOUS> | |
| <PROD-TLS-CA> | Define the location of the CA certificates with one or more instances of this tag. In this example, there is only one CA certificate. |
| <PROD-TLS-CERT> | Set the location of the signed client certificate. |
| <PROD-TLS-KEY> | Set the location of the client private key. Supported formats for the TLS private key are PKCS #1 clear private keys, PKCS #8 encrypted private keys, or a PKCS #12 file that contains the private key and certificates encrypted under a password. |
| <PROD-TLS-KEY-PASS> | Set the password of the PKCS #12 file, if necessary. |
| <FX-LOAD-BALANCE> | |
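After editing, the TLS fields listed above can be checked with a short script. The following is an added example, not Futurex code or part of the original page: it resolves the config path the way this section describes, then reports TLS files that are missing and secret material (the private key, and the config file itself once it holds <PROD-TLS-KEY-PASS>) that other users can access. It assumes values are written as `<TAG> value </TAG>` and that lines starting with `#` are comments; the function names and sample values are constructed for illustration.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

# Default locations named on this page; FXPKCS11_CFG overrides them.
DEFAULT_CFG = {"nt": r"C:\Program Files\Futurex\fxpkcs11\fxpkcs11.cfg"}.get(os.name, "/etc/fxpkcs11.cfg")

def config_path(env=os.environ):
    return env.get("FXPKCS11_CFG") or DEFAULT_CFG

def parse_kms(text):
    """Map each tag in <KMS> to its values (assumed '<TAG> value </TAG>', '#' comment lines)."""
    section = re.search(r"<KMS>(.*?)</KMS>", text, re.S)
    body = re.sub(r"(?m)^\s*#.*$", "", section.group(1)) if section else ""
    fields = {}
    for tag, value in re.findall(r"<([A-Z0-9-]+)>\s*(.*?)\s*</\1>", body):
        fields.setdefault(tag, []).append(value)
    return fields

def audit(cfg_file):
    """Return findings for the TLS fields in the <KMS> section."""
    kms, findings = parse_kms(Path(cfg_file).read_text()), []
    for tag in ("PROD-TLS-CA", "PROD-TLS-CERT", "PROD-TLS-KEY"):
        if tag not in kms:
            findings.append(f"{tag}: not set")
        findings += [f"{tag}: {p} not found" for p in kms.get(tag, []) if not Path(p).is_file()]
    # The key file is secret, and so is the config once it holds PROD-TLS-KEY-PASS.
    secrets = kms.get("PROD-TLS-KEY", []) + ([cfg_file] if any(kms.get("PROD-TLS-KEY-PASS", [])) else [])
    for p in secrets:  # POSIX mode bits only; on Windows review the ACL instead
        if Path(p).is_file() and Path(p).stat().st_mode & stat.S_IRWXO:
            findings.append(f"{p}: accessible to other users")
    return findings

def build_sample(directory, mode):
    """Write a constructed config and placeholder TLS files; return the config path."""
    root, body = Path(directory), "  <PROD-TLS-KEY-PASS> constructed-pass </PROD-TLS-KEY-PASS>\n"
    for tag, name in (("CA", "ca.pem"), ("CERT", "client.pem"), ("KEY", "client.p12")):
        (root / name).write_text("constructed placeholder\n")
        (root / name).chmod(mode)
        body += f"  <PROD-TLS-{tag}> {root / name} </PROD-TLS-{tag}>\n"
    cfg = root / "fxpkcs11.cfg"
    cfg.write_text(f"<KMS>\n{body}</KMS>\n")
    cfg.chmod(mode)
    return str(cfg)

if __name__ == "__main__":  # audits a constructed sample, not a real install
    print(*audit(build_sample(tempfile.mkdtemp(), 0o644)), sep="\n")
```

To check a real installation, call `audit(config_path())` as a user that can read the configuration file.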
You must set the following define to YES in the <CONFIG> section of the FXPKCS11 configuration file for the Oracle Database TDE integration: