Install and configure the Futurex Client Library EKM

the {{futurex}} client library (fxcl) is a set of functions, offered through either java (java native interface) or c++, which applications use to access cryptographic processing and key management functionality install fxcl ekm to maintain system security, install and operate only copies of fxcl that you get directly from {{futurex}} a member of the solutions architect team provides these files directly, or you can download them on the {{futurex}} portal or equivalent {{futurex}} operated file distribution platform perform the following steps to install fxcl expandable key management (ekm) download or copy the fxcl x x x win64 zip file to the computer that runs the microsoft sql server instance unzip the file in any directory and go to the fxcl x x x win64\bin folder copy ekm config json and libfxcl ekm dll to c \program files\futurex\fxcl\kmes\ekm\ and change the name of the ekm config json file to config json configure fxcl ekm perform the following steps to configure fxcl ekm create the c \fx logs directory the fxcl ekm configuration file outputs content to fxcl ekm logs to the c \fx logs\ directory open the config json file for editing, and make the following changes parameter required configuration log file set the define to point to the c \fx logs\fxcl ekm log directory host set the define to point to the ip and port of the network connected kmes series 3 device in the windows store tls settings section, make the following changes as shown in the following sample file parameter required configuration win cert store set the define to point to the my , which corresponds with the personal store win cert name set the define to the common or subject name of the microsoft sql server certificate win ca stores set the define to the root store, which corresponds with the trusted root certification authorities store win use crl set the define to true { // enables output via debugoutputstring // (default false) // note that regardless of this setting, output is // placed in the debug view while loading the config "enable debug view" false, // a file to place logs into optional // if not provided, no log file is made "log file" "c \\\fx logs\\\fxcl ekm log", // level of logging to emit case insensitive // possible values none, error, info, debug, traffic (default info) "log level" "traffic", // what kind of key storage unit is this? // possible values kmes (default kmes) // not currently used, it always uses kmes "driver" "kmes", // the host to connect to required "host" "10 0 5 209 2001", // windows store tls settings // to load from window store set fields(win cert store, win cert name, win ca stores, win use crl) // windows store settings will have priority over loading from file settings // windows store name with client certificate (optional) "win cert store" "my", // client certificate subject name in windows store (optional) "win cert name" "sqlserver", // windows store with ca certificate (optional) "win ca stores" "root", // load crl from ca certificate in windows store (optional) "win use crl" true } the preceding sample configuration file does not include the ca , p12 , and p12 pass file tls setting defines because this guide uses the windows store tls authentication method however, the windows store tls settings take precedence if both are defined