> ## Documentation Index
> Fetch the complete documentation index at: https://docs.futurex.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Generate RSA key pair on the Vectera Plus

> Step-by-step guide to generate an RSA key pair on the Vectera Plus HSM for Bitwarden.

Perform the following steps to generate an RSA key pair for Bitwarden on the Vectera Plus:

<Steps>
  <Step>
    Run the **fxcli-hsm** program.
  </Step>

  <Step>
    Connect to the Admin TLS port on the HSM by using the `connect tcp` command.

    <Note>
      Before connecting, you must configure the TLS certificates in FXCLI by using the `tls` commands. For additional details, see the FXCLI HSM technical reference on the Futurex Portal.
    </Note>
  </Step>

  <Step>
    Log in with both default Admin identities. When prompted, enter the username and password. Run the following command twice (once for **Admin1** and once for **Admin2**):

    ```bash title="FXCLI" expandable lines wrap theme={null}
      login user
    ```
  </Step>

  <Step>
    Run the following command to generate a new private key in the next available key slot on the Vectera Plus. You need this key in step 6 to create a self-signed certificate.

    ```bash title="FXCLI" expandable lines wrap theme={null}
      generate 
          --algo RSA 
          --bits 4096 
          --name bitwarden_privatekey 
          --usage dek 
          --slot next 
    ```
  </Step>

  <Step>
    Run the following command to assign the value **Bitwarden** to the **label** PKCS #11 attribute of the `bitwarden_privatekey` key created in the preceding step:

    ```bash title="FXCLI" expandable lines wrap theme={null}
      keytable extdata --slot 0 --p11-attr label --p11-value "Bitwarden"
    ```

    <Note>
      The value set in the `--slot` flag must match the key slot where you created the `bitwarden_privatekey`.
    </Note>
  </Step>

  <Step>
    Run the following command to create a self-signed certificate by using the private key generated on the HSM in the preceding step 4:

    ```bash title="FXCLI" expandable lines wrap theme={null}
      x509 sign 
          --private-slot 0  
          --validity-period "2 Year" 
          --dn "CN=Bitwarden Key Connector"
          --ca false
          --eku Client
          --key-usage DigitalSignature --key-usage KeyAgreement
          --out Bitwarden-Cert.pem
    ```
  </Step>
</Steps>
