> ## Documentation Index
> Fetch the complete documentation index at: https://docs.futurex.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Deploy new client endpoint on the CryptoHub

> Instructions for deploying a client endpoint in CryptoHub to authorize TrueNAS Enterprise KMIP usage.

After deploying the TrueNAS Enterprise service in CryptoHub, you must deploy a client endpoint to authorize the KMIP-supported application to use the service.

Perform the following steps to deploy a client endpoint:

<Steps>
  <Step>
    Go to the **Endpoints** menu for the service you deployed.
  </Step>

  <Step>
    In the **Manage Endpoints** menu, select **\[ Add New ]**.
  </Step>

  <Step>
    In the **Add Endpoint** dialog:

    * Enter a **Name** for the endpoint (optional).
    * Leave set the CryptoHub **Hostname** that is auto-populated.
  </Step>

  <Step>
    Select **\[ Add Endpoint ]**. The browser prompts you to download a zip file which contains the following files:

    | File                                                               | Description                                                                                                                           |
    | ------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------- |
    | `ca-chain.pem`                                                     | CA certificate bundle                                                                                                                 |
    | `client-cert.pem`                                                  | Client TLS certificate                                                                                                                |
    | `credential.txt`                                                   | Contains the name of the identity CryptoHub created for TrueNAS Enterprise to use when connecting and authenticating via KMIP         |
    | `info.txt`                                                         | Includes the service name and address for connecting to the CryptoHub                                                                 |
    | `pki.p12`                                                          | Full Client PKI in encrypted PKCS #12 format (contains the CA chain, client certificate, and client private key)                      |
    | `pki-password.txt`                                                 | Contains the password for the PKCS #12 file                                                                                           |
    | `CryptoHub <number>.cer`                                           | Auto-generated self-signed CA certificate used to issue client endpoint TLS certs (number is random)                                  |
    | `Futurex Test Root CA (ECC).cer` or `Futurex Test Root SSL CA.cer` | Futurex Test Root CA for embedded Futurex Test TLS certs (ECC or RSA, based on the algorithm configured for the KMIP connection pair) |
    | `<number>-Prod-App-Alt.cer`                                        | KMIP server TLS certificate (number is random)                                                                                        |
  </Step>
</Steps>
