Install Futurex PKCS #11 (FXPKCS11)
For a Linux environment, download the tarball of the PKCS #11 binaries from the Portal.
Extract the .tar file locally where you want to install the application on your file system.
For the PKCS #11 module to be accessible system-wide, an administrative user must place it in /usr/local/bin. If only the current user needs to use the module, then installing it into $HOME/bin is appropriate.
The extracted content of the .tar file is a single fxpkcs11 directory. This directory contains the following files and directories (only the files and folders relevant to the installation process are included in this list):
Filename or directory
Description
fxpkcs11.cfg
PKCS #11 configuration file to use for HSM Integrations.
x86/
This folder contains the module files for 32-bit architecture.
x64/
This folder contains the module files for 64-bit architecture.
The x86 and x64 directories contain multiple directories named for the specific OpenSSL versions. These OpenSSL directories contain the PKCS #11 module files built with the respective OpenSSL versions.
File Name
Description
configTest
Program to test configuration and connection to the HSM.
libfxpkcs11.so
PKCS #11 Library file.
PKCS11Manager
Program to test connection and manage the HSM through the PKCS #11 library.
The configTest and PKCS11Manager programs look for the PKCS #11 configuration file in the /etc directory. You must either move the file from the /usr/local/bin/fxpkcs11 directory to the /etc directory or set the FXPKCS11_CFG environment variable to point to the PKCS #11 configuration file.
In the final section of this integration guide, the Zettaset XCrypt Full Disk installer script runs certain commands with the ztsca user. Because of this, the ztsca user must have full permissions on the FXPKCS11 module, configuration, and log files. The simplest way to do this is to make the pkcs11 group the owner of the FXPKCS11 files. The ztsca user is a part of this group. To make this configuration, perform the following commands: