Edit the Futurex PKCS #11 configuration file
The fxpkcs11.cfg file enables you to set the FXPKCS #11 library to connect to the . To edit the file, run a text editor as an Administrator on Windows or root on Linux, and edit the configuration file accordingly. Most notably, you must set the fields described in this section inside the <KMS> section of the file.
Our PKCS #11 library expects to find the PKCS #11 config file in a certain location (C:\Program Files\Futurex\fxpkcs11\fxpkcs11.cfg for Windows and /etc/fxpkcs11.cfg for Linux), but you can override that location by using the FXPKCS11_CFG environment variable.
To configure the fxpkcs11.cfg file, edit the following sections of the partial file sample:
| Field | Description |
| --- | --- |
| <SLOT> | You can leave this set to the default value of 0. |
| <CRYPTO-OPR> | Specify the name of the identity created on the KMES. |
| <KEYGROUP-NAME> | |
| <ASYM-KEYGROUP-NAME> | |
| <LOG-FILE> | Set the path of the PKCS #11 log file. |
| <PROD-PORT> | Set the PKCS #11 library to connect to the default Host API port on the KMES, port 2001. |
| <PROD-TLS-ENABLED> | |
| <PROD-TLS-ANONYMOUS> | |
| <PROD-TLS-CA> | Define the location of the CA certificates with one or more instances of this tag. In this example, there is only one CA certificate. |
| <PROD-TLS-CERT> | Set the location of the signed client certificate. |
| <PROD-TLS-KEY> | Set the location of the client private key. Supported formats for the TLS private key are PKCS #1 clear private keys, PKCS #8 encrypted private keys, or a PKCS #12 file that contains the private key and certificates encrypted under a password. |
| <PROD-TLS-KEY-PASS> | Set the password of the PKCS #12 file, if necessary. |
| <FX-LOAD-BALANCE> | |
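The following check is an added example, not Futurex code: it resolves which configuration file the library would load (honoring FXPKCS11_CFG) and audits the TLS files named in the fields above, since the file can hold the PKCS #12 password and point at a clear private key. It assumes each setting sits on one line as "<TAG> value </TAG>" and that "#" starts a comment line; the helper names are hypothetical, and the permission test uses POSIX mode bits, so it applies to Linux.

```python
import os
import re
import stat

# Default locations stated on this page; FXPKCS11_CFG overrides them.
DEFAULT_CFG = (r"C:\Program Files\Futurex\fxpkcs11\fxpkcs11.cfg"
               if os.name == "nt" else "/etc/fxpkcs11.cfg")
# Assumption: each setting sits on one line as "<TAG> value </TAG>".
TAG_RE = re.compile(r"<([A-Z0-9-]+)>\s*(.*?)\s*</\1>")


def effective_cfg(env=None):
    """Return (path, overridden) for the file the library would load."""
    env = os.environ if env is None else env
    override = env.get("FXPKCS11_CFG")
    return (override, True) if override else (DEFAULT_CFG, False)


def parse_fields(text):
    """Collect non-empty tag values; a tag such as PROD-TLS-CA may repeat."""
    fields = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):  # assumed comment syntax
            continue
        for tag, value in TAG_RE.findall(line):
            if value:
                fields.setdefault(tag, []).append(value)
    return fields


def world_accessible(path):
    """True if 'other' has any access to the file (POSIX mode bits only)."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o007)


def audit(cfg_path):
    """Return findings for the TLS material referenced by the config."""
    with open(cfg_path, encoding="utf-8") as fh:
        fields = parse_fields(fh.read())
    findings = []
    if fields.get("PROD-TLS-KEY-PASS") and world_accessible(cfg_path):
        findings.append("config holds PROD-TLS-KEY-PASS but is world-accessible")
    if not fields.get("PROD-TLS-CA"):
        findings.append("no PROD-TLS-CA entry")
    for tag in ("PROD-TLS-CA", "PROD-TLS-CERT", "PROD-TLS-KEY"):
        for path in fields.get(tag, []):
            if not os.path.isfile(path):
                findings.append(f"{tag} file missing: {path}")
            elif tag == "PROD-TLS-KEY" and world_accessible(path):
                findings.append(f"{tag} is world-accessible: {path}")
    return findings
```

Run audit(effective_cfg()[0]) as the account that loads the library; an empty list means every referenced file exists and neither the private key nor a password-bearing config is world-accessible.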
You must add the following define lines to the <CONFIG> section of the FXPKCS11 configuration file for the Ansible integration: