Install and configure the Futurex Client Library EKM
The Futurex Client Library (FXCL) is a set of functions, offered through either Java (Java Native Interface) or C++, which applications use to access cryptographic processing and key management functionality.

Install FXCL EKM

To maintain system security, install and operate only copies of FXCL that you get directly from Futurex. A member of the Solutions Architect team provides these files directly, or you can download them on the Futurex portal or equivalent Futurex-operated file distribution platform.

Perform the following steps to install FXCL Expandable Key Management (EKM):

1. Download or copy the fxcl x.x.x win64 zip file to the computer that runs the Microsoft SQL Server instance.
2. Unzip the file in any directory and go to the fxcl x.x.x win64\bin folder.
3. Copy ekm config json and libfxcl ekm dll to C:\Program Files\Futurex\fxcl\kmes\ekm\ and change the name of the ekm config json file to config.json.

Configure FXCL EKM

Perform the following steps to configure FXCL EKM:

1. Create the C:\fx logs directory. The FXCL EKM configuration file directs FXCL EKM logs to the C:\fx logs\ directory.
2. Open the config.json file for editing, and make the following changes:

| Parameter | Required configuration |
| --- | --- |
| log file | Set the define to point to the C:\fx logs\fxcl ekm log directory. |
| host | Set the define to point to the IP and port of the network-connected KMES Series 3 device. |

3. In the Windows store TLS settings section, make the following changes, as shown in the following sample file:

| Parameter | Required configuration |
| --- | --- |
| ca | Set the define to the location of a PEM file containing a list of trusted CA certificates. |
| p12 | Set the define to the location of a PKCS #12 file containing the Microsoft SQL Server client certificate and private key. |
| p12 pass | Set the define to the password the PKCS #12 file is encrypted under. |

FXCL EKM version 1.8.32 added the ability to configure default key group names for symmetric and asymmetric operations. Users must manually create the key groups on the KMES before defining the default key group names in the FXCL EKM configuration file. If the configuration is set but the key group does not exist, the key creation commands in Enable TDE in Microsoft SQL Server by using EKM will fail.

```json
{
  // Enables output via debugoutputstring
  // (default false)
  // Note that regardless of this setting, output is
  // placed in the debug view while loading the config
  "enable debug view": false,

  // Configures default key groups for symmetric and asymmetric operations (optional)
  // "sym key group": "ekm symmetric keys",
  // "asym key group": "ekm asymmetric keys",

  // A file to place logs into. Optional.
  // If not provided, no log file is made
  "log file": "C:\\futurex\\fxcl log",

  // Level of logging to emit. Case-insensitive.
  // Possible values: none, error, info, debug, traffic (default info)
  "log level": "traffic",

  // What kind of key storage unit is this?
  // Possible values: kmes (default kmes)
  // Not currently used, it always uses kmes
  "driver": "kmes",

  // The host to connect to. Required.
  "host": "10.60.6.10:2001",

  // A PEM file containing a list of trusted CA certificates. Required.
  "ca": "C:\\certs\\tree.pem",

  // A p12 file containing leaf certificate and key. Required.
  "p12": "C:\\certs\\pki.p12",

  // Password to unlock the p12 file. Optional.
  // If not given, assumes it doesn't need a password
  "p12 pass": "safest",

  " ": ""
}
```
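A pre-deployment check of the settings described above, as an added example that is not Futurex code and not part of the original page. The function names and the sample are constructed here; key names are compared with spaces, hyphens and underscores treated alike, and treating debug and traffic as the most verbose log levels is an assumption based on the order in which the page lists them.

```python
import json
import re

# Constructed sample modelled on the page's config file (values from its sample).
SAMPLE = r'''{
  // level of logging to emit
  "log level": "traffic",
  "host": "10.60.6.10:2001",
  "ca": "C:\\certs\\tree.pem",
  "p12": "C:\\certs\\pki.p12",
  "p12 pass": "safest",
}'''

LEVELS = ("none", "error", "info", "debug", "traffic")  # values listed on the page

def load_config(text):
    """Parse the commented JSON: drop whole-line // comments and trailing commas."""
    lines = [ln for ln in text.splitlines() if not ln.lstrip().startswith("//")]
    body = re.sub(r",\s*([}\]])", r"\1", "\n".join(lines))
    # Normalise key separators so lookups do not depend on space/hyphen/underscore.
    return {re.sub(r"[\s_-]+", " ", k).strip().lower(): v
            for k, v in json.loads(body).items()}

def audit(cfg):
    """Return a list of findings for a parsed config (hypothetical helper)."""
    findings = []
    for key in ("host", "ca", "p12"):  # marked required on the page
        if not cfg.get(key):
            findings.append(f"missing required setting: {key}")
    host = str(cfg.get("host", ""))
    if host and not re.fullmatch(r"[^:\s]+:\d{1,5}", host):
        findings.append("host is not in address:port form")
    level = str(cfg.get("log level", "info")).lower()  # page: default info
    if level not in LEVELS:
        findings.append(f"unknown log level: {level}")
    elif level in ("debug", "traffic"):  # assumption: the most verbose levels
        findings.append(f"log level '{level}' is verbose; lower it after troubleshooting")
    if cfg.get("enable debug view") is True:
        findings.append("debug view output is enabled")
    if cfg.get("p12 pass"):
        findings.append("p12 password is in clear text; restrict read access to config.json")
    for key in ("sym key group", "asym key group"):
        if key in cfg:
            findings.append(f"{key} = '{cfg[key]}': confirm this group exists on the KMES")
    return findings

if __name__ == "__main__":
    for finding in audit(load_config(SAMPLE)):
        print(finding)
```

Run it against a copy of config.json before restarting SQL Server; an empty result means the required settings are present and none of the flagged options are set.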