Install and configure the FXCL CNG
The Futurex Client Library (FXCL) is a set of functions offered through either Java (Java Native Interface) or C++, which applications use to access cryptographic processing and key management functionality.

Install FXCL CNG

To maintain system security, install and operate only copies of FXCL that you get directly from Futurex. A member of the Solutions Architect team either provides the files or makes them available for download on the Futurex Portal or equivalent Futurex-operated file distribution platform.

Perform the following steps to install FXCL CNG:

1. Download or copy the `fxcl-x.x.x-win64.zip` file to the computer where you plan to run the Microsoft AD CS instance.
2. Unzip the file in any directory, then go to the `fxcl-x.x.x-win64\bin` folder.
3. Run the `installcng.bat` file to install FXCL CNG.

If the installation fails, copy all of the files in the `bin\` folder to `C:\Program Files\Futurex\FXCL\KMES\CNG\`, and change the `cng_config.json` file name to `config.json`.

Configure FXCL CNG

Perform the following steps to configure FXCL CNG:

1. Create the `C:\fx_logs` directory. The FXCL CNG configuration file settings send log output to the FXCL CNG logs in the `fx_logs\` directory.
2. Open the `config.json` file for editing, and make the following changes, as shown in the following sample file:

| Parameter | Required configuration |
| --- | --- |
| `log_file` | Set the define to point to `C:\fx_logs\fxcl_cng.log`. |
| `host` | Set the define to point to the IP and port of the network-connected KMES Series 3 device. |

3. Make the following changes in the Windows store TLS settings section:

| Parameter | Required configuration |
| --- | --- |
| `win_cert_store` | Set the define to point to `MY`, which corresponds with the Personal store. |
| `win_cert_name` | Set the define to the common/subject name of the AD CS certificate. |
| `win_ca_stores` | Set the define to the `ROOT` store, which corresponds with the Trusted Root Certification Authorities store. |
| `win_use_crl` | Set the define to `true`. |

```json
{
    // Enables output via DebugOutputString
    // (default: false)
    // Note that regardless of this setting, output is
    // placed in the debug view while loading the config
    "enable_debug_view": false,

    // A file to place logs into. Optional.
    // If not provided, no log file is made
    "log_file": "C:\\fx_logs\\fxcl_cng.log",

    // Level of logging to emit. Case insensitive.
    // Possible values: none, error, info, debug, traffic (default: info)
    "log_level": "traffic",

    // What kind of key storage unit is this?
    // Possible values: kmes (default: kmes)
    // Not currently used, it always uses kmes
    "driver": "kmes",

    // The host to connect to. Required.
    "host": "10.0.5.209:2001",

    // Windows store TLS settings
    // To load from Windows store, set fields (win_cert_store, win_cert_name, win_ca_stores, win_use_crl)
    // Windows store settings will have priority over loading from file settings

    // Windows store name with client certificate (optional)
    "win_cert_store": "MY",

    // Client certificate subject name in Windows store (optional)
    "win_cert_name": "ADCS",

    // Windows store with CA certificate (optional)
    "win_ca_stores": "ROOT",

    // Load CRL from CA certificate in Windows store (optional)
    "win_use_crl": true
}
```

The preceding sample file does not show the `ca`, `p12`, and `p12_pass` file TLS setting defines because the configuration procedure uses the Windows store TLS authentication method. However, the Windows store TLS settings take precedence if you define both.

Test the connection

Perform the following steps to test the connection between FXCL CNG and the KMES Series 3:

1. Open either the Command Prompt or PowerShell.
2. Run the following `certutil` command to test the connection between FXCL CNG and the KMES Series 3 by using the client TLS certificate configured for AD CS in the Windows certificate store:

```
certutil -csptest -csp "Futurex FXCL KMES CNG" RSA
```

If the connection succeeds, the following message displays on the last line of the command output:

```
CertUtil: -csptest command completed successfully.
```

If the command fails, check the FXCL CNG log for details about the error that occurred.
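
Before running the certutil test, the settings from the configuration procedure can be checked with a short preflight script. This is an added example, not part of the Futurex documentation or tooling. It assumes the config file sits in the fallback install directory named above, that the key names are underscore-separated (`log_file`, `host`, `win_cert_store`, `win_cert_name`, `win_use_crl`), that the client certificate is in the LocalMachine store location, and that `win_cert_name` matches the certificate's simple (common) name.

```powershell
# Added example, not Futurex code. Assumed: config path, LocalMachine store location.
$configPath = 'C:\Program Files\Futurex\FXCL\KMES\CNG\config.json'

# Drop the // comment lines so Windows PowerShell 5.1 can parse the file.
$lines = Get-Content -LiteralPath $configPath | Where-Object { $_ -notmatch '^\s*//' }
$cfg = ($lines -join "`n") | ConvertFrom-Json
$problems = @()

# 1. The log directory has to exist before FXCL CNG can write its log there.
if ($cfg.log_file) {
    $logDir = Split-Path -Parent $cfg.log_file
    if (-not (Test-Path -LiteralPath $logDir -PathType Container)) {
        $problems += "Log directory '$logDir' does not exist."
    }
}

# 2. host must be in ip:port form and accept a TCP connection.
if ($cfg.host -match '^(?<ip>[^:]+):(?<port>\d+)$') {
    $tcp = Test-NetConnection -ComputerName $Matches.ip -Port ([int]$Matches.port) -WarningAction SilentlyContinue
    if (-not $tcp.TcpTestSucceeded) { $problems += "No TCP connection to $($cfg.host)." }
} else {
    $problems += "host '$($cfg.host)' is not in ip:port form."
}

# 3. Exactly one usable client certificate with the configured name.
#    Matching on the simple (common) name is an assumption of this example.
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$certs = @(Get-ChildItem -Path "Cert:\LocalMachine\$($cfg.win_cert_store)" |
    Where-Object { $_.GetNameInfo($nameType, $false) -eq $cfg.win_cert_name })
if ($certs.Count -ne 1) {
    $problems += "Expected 1 certificate named '$($cfg.win_cert_name)', found $($certs.Count)."
} else {
    # TLS client authentication needs the private key and a certificate still in date.
    if (-not $certs[0].HasPrivateKey) { $problems += 'Client certificate has no private key.' }
    if ($certs[0].NotAfter -lt (Get-Date)) { $problems += 'Client certificate has expired.' }
}

# 4. The procedure requires revocation checking to be enabled.
if ($cfg.win_use_crl -ne $true) { $problems += 'win_use_crl is not true.' }

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    'Preflight checks passed; run the certutil test.'
}
```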