Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.futurex.com/llms.txt

Use this file to discover all available pages before exploring further.

Perform the following steps to generate an RSA key pair for Bitwarden on the Vectera Plus:
1
Run the fxcli-hsm program.
2
Connect to the Admin TLS port on the HSM by using the connect tcp command.
Before connecting, you must configure the TLS certificates in FXCLI by using the tls commands. For additional details, see the FXCLI HSM technical reference on the Futurex Portal.
3
Log in with both default Admin identities. When prompted, enter the username and password. Run the following command twice (once for Admin1 and once for Admin2):
FXCLI
  login user
4
Run the following command to generate a new private key in the next available key slot on the Vectera Plus. You need this key in step 6 to create a self-signed certificate.
FXCLI
  generate 
      --algo RSA 
      --bits 4096 
      --name bitwarden_privatekey 
      --usage dek 
      --slot next
5
Run the following command to assign the value Bitwarden to the label PKCS #11 attribute of the bitwarden_privatekey key created in the preceding step:
FXCLI
  keytable extdata --slot 0 --p11-attr label --p11-value "Bitwarden"
The value set in the --slot flag must match the key slot where you created the bitwarden_privatekey.
6
Run the following command to create a self-signed certificate by using the private key generated on the HSM in the preceding step 4:
FXCLI
  x509 sign 
      --private-slot 0  
      --validity-period "2 Year" 
      --dn "CN=Bitwarden Key Connector"
      --ca false
      --eku Client
      --key-usage DigitalSignature --key-usage KeyAgreement
      --out Bitwarden-Cert.pem