Install and configure the FXCL CNG

applications use the {{futurex}} client library (fxcl), a set of functions offered through either java (java native interface) or c++, to access cryptographic processing and key management functionality install fxcl cng to maintain system security, install and operate only copies of fxcl that you get directly from us a member of the solutions architect team either provides the files or makes them available for download on the {{futurex}} portal or equivalent {{futurex}} operated file distribution platform download or copy the fxcl x x x win64 zip file to the computer where you plan to run the microsoft ad cs instance unzip the file in any directory, then go to the fxcl x x x win64\bin folder run the installcng bat file to install fxcl cng if the installation fails, copy all of the files in the bin\ folder to c \program files\futurex\fxcl\kmes\cng\ , and change the cng config json file name to config json configure fxcl cng perform the following steps to configure fxcl cng create a certs\ directory in c \ (i e , c \certs ) and copy all of the tls connection certificates to the certs\ folder create a futurex\ directory in c \ (i e , c \futurex ) the fxcl cng configuration file will be configured to output the fxcl cng logs to the futurex\ directory edit the config json file to point to the tls connection certificates and the network connected {{k3}} device an example config json file is shown here { // enables output via debugoutputstring // (default false) // note that regardless of this setting, output is // placed in the debug view while loading the config "enable debug view" false, // a file to place logs into optional // if not provided, no log file is made "log file" "c \\\futurex\\\fxcl log", // level of logging to emit case insensitive // possible values none, error, info, debug, traffic (default info) "log level" "traffic", // what kind of key storage unit is this? // possible values kmes (default kmes) // not currently used, it always uses kmes "driver" "kmes", // the host to connect to required "host" "10 0 8 22 2001", // a pem file containing a list of trusted ca certificates required "ca" "c \\\certs\\\tls ca pem", // a p12 file containing leaf certificate and key required "p12" "c \\\certs\\\pki p12", // password to unlock the p12 file optional // if not given, assumes it doesn't need a password "p12 pass" "safest" } the tls ca pem file is the root ca certificate, and the pki p12 file is the ad cs certificate exported as a pkcs #12 file in configure kmes series 3 section