Appendix: Futurex certification process
The Futurex certification process is a rigorous and standardized approach to testing and certifying integrations between third-party applications and Futurex HSMs and key management servers (such as KMES Series 3).
The certification process ensures that we fully test and validate third-party application integrations in a lab environment before deploying them in a production environment. Our integration Engineering team implements this process so that you can be confident that third-party applications integrate seamlessly with Futurex HSMs and KMES Series 3 devices and that all operations result in the expected behavior. The certification process involves several steps, including research, testing, troubleshooting, and certification, and is fully documented in an integration guide for each integration. The full process includes the following steps:
- Research the third-party application to gain a general understanding of the solution and the protocol it uses to integrate with an HSM or KMS device (such as PKCS #11, Microsoft CNG, JCE, OpenSSL Engine, and KMIP).
- Determine the scope of the third-party application use of the HSM or KMS device, including the specific functionalities it uses (for example, data encryption, key protection, entropy, and so on).
- Install and configure the third-party application in a lab environment, where all testing and validation takes place.
- Establish a connection between the third-party application and the Futurex device, which typically involves configuring TLS certificates and creating roles and identities that the third-party application uses to connect and authenticate to the Futurex device.
- Initiate a request from the third-party application to the Futurex device, such as generating keys or certificates, encrypting or decrypting data, or performing other cryptographic functions.
- If any errors occur during the testing process, the Integration Engineering team diagnoses the issues and takes necessary corrective actions. If necessary, the team also documents the errors by creating engineering change requests (ECRs) to ensure all issues are addressed and resolved before certification.
- After any necessary engineering changes have been made, the team performs a new end-to-end test to ensure that all errors are resolved and all operations are successful.
- Certify the integration by creating an integration guide that covers all necessary prerequisites, lists configurations required in both the third-party application and the Futurex device, and provides instructions to test functionality.
By following these steps, we ensure that the integration between the third-party application and the Futurex device is fully tested and validated and that we resolve any errors or issues before we certify the integration as fully supported.