> ## Documentation Index
> Fetch the complete documentation index at: https://docs.futurex.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Configure CryptoHub

> Procedural guide to configure CryptoHub client endpoints for Bitwarden access.

After you deploy the Bitwarden service in CryptoHub, set up a client endpoint. An endpoint is a device authorized to access the service. Use the **Endpoints** menu to view and manage these devices. You can also add new endpoints by selecting **\[ Add New ]**. When prompted, enter the device address and specify the endpoint. The following sections provide detailed instructions for deploying a client endpoint and installing the client library files.

## Deploy the client endpoint

Perform the following steps to deploy the client endpoint:

<Steps>
  <Step>
    Go to the **Endpoints** menu inside the service you deployed.
  </Step>

  <Step>
    In the **Manage Endpoints** menu, select **\[ Add New ]**.
  </Step>

  <Step>
    In the **Add Endpoint** dialog:

    1. Enter a **Name** for the endpoint (optional).
    2. Leave the CryptoHub **Hostname** set to the auto-populated value.
    3. In the **Platform** drop-down list, you must select **Linux OpenSSL 3.x 64-bit** to match the OpenSSL version installed in the Bitwarden Key Connector container.
  </Step>

  <Step>
    Select **\[ Add Endpoint ]**. The browser prompts you to download a zip file containing the Futurex PKCS #11 module and a configuration file pre-configured to connect to your CryptoHub instance. To install the files on the machine where you installed Bitwarden, perform the

    [**Configure Bitwarden**](./Configure_Bitwarden) instructions in the next section.
  </Step>
</Steps>

## Generate RSA key pair

Perform the following tasks to generate an RSA key pair for Bitwarden Key Connector:

1. Create X.509 Certificate Container and root CA.
2. Generate Bitwarden key pair.
3. Export Bitwarden certificate.
4. Assign a name to the private key.
5. Grant Use permission on the private key.

<Note>
  You must generate the Bitwarden key pair under a root CA certificate to give it the encrypt and decrypt security usage it requires.
</Note>

### Create a certificate container and CA

Perform the following steps to create an X.509 certificate container and root CA:

<Steps>
  <Step>
    Go to**Administrative Services** > **PKI Management** > **Certificate Management**.
  </Step>

  <Step>
    Select **\[ Add CA ]**.
  </Step>

  <Step>
    In the **X.509 Certificate Container** creation dialog, configure the following settings:

    * **Name**: **Bitwarden**
    * **Host**: Select **None**
    * **Type**: Select **X.509**
    * **Owner group**: Select the Bitwarden role CryptoHub created for the service.
  </Step>

  <Step>
    Right-click the Bitwarden X.509 certificate container and select **Add Certificate** > **New Certificate**.
  </Step>

  <Step>
    Configure the following **Subject DN** settings:

    * **Preset**: **Classic**
    * **Common Name**: **Root**
  </Step>

  <Step>
    Configure the following **Basic Info** settings:

    * Leave the fields set to the default values.
  </Step>

  <Step>
    Configure the following **V3 Extensions** settings:

    * **Profile**: Select **Certificate Authority**
  </Step>

  <Step>
    Select **\[ OK ]**.
  </Step>
</Steps>

### Generate a key pair

Perform the following steps to generate the Bitwarden key pair:

<Steps>
  <Step>
    Right-click the **Root CA** certificate and select **Add Certificate** > **New Certificate**.
  </Step>

  <Step>
    Configure the following **Subject DN** settings:

    * **Preset**: **Classic**
    * **Common Name**: **Bitwarden**
  </Step>

  <Step>
    Configure the following **Basic Info** settings:

    * **Security Usage**: **Encrypt/Decrypt**
    * Leave all other fields set to the default values.
  </Step>

  <Step>
    Configure the following **V3 Extensions** settings:

    * **Profile**: **TLS Client Certificate**
  </Step>

  <Step>
    Select **\[ OK ]**.
  </Step>
</Steps>

### Export certificate

Perform the following steps to export the Bitwarden certificate:

<Steps>
  <Step>
    Right-click the **Bitwarden** certificate and select **Export** > **Certificate(s)**.
  </Step>

  <Step>
    Change **Encoding** to **PEM** and select **\[ Browse ]**.
  </Step>

  <Step>
    Specify a filename for web transfer (such as `Bitwarden-Cert.pem`) and select **\[ OK ]**.
  </Step>

  <Step>
    Select **\[ OK ]** to initiate the export.
  </Step>

  <Step>
    When prompted, save the certificate file.
  </Step>
</Steps>

### Assign a name

Perform the following steps to assign a name to the private key:

<Steps>
  <Step>
    Go to **Administrative Services** > **Key Management** > **Key Database**.
  </Step>

  <Step>
    Select **\[ Reload ]**.
  </Step>

  <Step>
    Right-click the Bitwarden key pair in the **Keys** section and select **Edit**.
  </Step>

  <Step>
    Under **Key Settings**, enter `Bitwarden` in the **Name** field and select **\[ OK ]** to save.
  </Step>
</Steps>

### Grant Use permission

Perform the following steps to grant the Use permission on the private key:

<Steps>
  <Step>
    Go to **Administrative Services** > **Key Management** > **Key Database**.
  </Step>

  <Step>
    Right-click the Bitwarden key pair and select **Permission**.
  </Step>

  <Step>
    Select the Bitwarden role in the drop-down menu and select **\[ Add ]**.
  </Step>

  <Step>
    Select the **Permission** drop-down option next to the Bitwarden role and select **Use**.
  </Step>

  <Step>
    Select **\[ Save ]**.
  </Step>
</Steps>
