Configure CryptoHub

After you deploy the Bitwarden service, set up a client endpoint. An endpoint is a device authorized to access the service. Use the Endpoints menu to view and manage these devices. You can also add new endpoints by selecting [ Add New ]. When prompted, enter the device address and specify the endpoint. The following sections provide detailed instructions for deploying a client endpoint and installing the client library files:

Deploy the client endpoint

1. Go to the Endpoints menu inside the service you deployed.

2. In the Manage Endpoints menu, select [ Add New ].

3. In the Add Endpoint dialog:

   1. Enter a Name for the endpoint (optional).
   2. Leave the Hostname set to the auto-populated value.
   3. In the Platform dropdown, you must select Linux OpenSSL 3.x 64-bit to match the OpenSSL version installed in the Bitwarden Key Connector container.

4. Select [ Add Endpoint ]. The browser prompts you to download a zip file containing the PKCS #11 module and a configuration file pre-configured to connect to your instance. To install the files on the machine where you installed Bitwarden, perform the Configure Bitwarden instructions in the next section.

Generate RSA key pair for Bitwarden Key Connector

Perform the following tasks to generate an RSA key pair:

You must generate the Bitwarden key pair under a root CA certificate to give it the encrypt and decrypt security usage it requires.

1 | Create X.509 Certificate Container and root CA

1. Go to Administrative Services > PKI Management > Certificate Management.

2. Select [ Add CA ].

3. In the X.509 Certificate Container creation dialog, configure the following settings:

   • Name: Bitwarden
   • Host: None
   • Type: X.509
   • Owner group: Select the Bitwarden role created for the service.

4. Right-click the Bitwarden X.509 Certificate Container and select Add Certificate > New Certificate.

5. Configure the following Subject DN settings:

   • Preset: Classic
   • Common Name: Root

6. Configure the following Basic Info settings:

   • Leave the default values set.

7. Configure the following V3 Extensions settings:

   • Profile: Certificate Authority

8. Select [ OK ].

2 | Generate Bitwarden key pair

1. Right-click the Root CA certificate and select Add Certificate > New Certificate.

2. Configure the following Subject DN settings:

   • Preset: Classic
   • Common Name: Bitwarden

3. Configure the following Basic Info settings:

   • Security Usage: Encrypt/Decrypt
   • Leave all other fields set to the default values.

4. Configure the following V3 Extensions settings:

   • Profile: TLS Client Certificate

5. Select [ OK ].

3 | Export Bitwarden certificate

1. Right-click the Bitwarden certificate and select Export > Certificate(s).

2. Change Encoding to PEM and select [ Browse ].

3. Specify a filename for web transfer (such as Bitwarden-Cert.pem) and select [ OK ].

4. Select [ OK ] to initiate the export.

5. Save the certificate file when your browser prompts you.
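
To confirm the export before continuing, the following shell check compares the saved PEM file with the values chosen in the steps above (subject Common Name Bitwarden, issuer Common Name Root, RSA key). It is an added example and not part of the vendor's documentation; the function names `cn_of` and `check_bitwarden_cert` are hypothetical, the file name follows the example given in the export step, and the `openssl` command-line tool is assumed to be installed.

```sh
#!/bin/sh
# Added example: sanity-check the exported certificate against the values
# chosen in the steps above. Function names are hypothetical.

# Print the CN value from an RFC 2253 DN such as "CN=Bitwarden,O=Example".
cn_of() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^ *CN=//p' | head -n 1
}

# Returns 0 if the file matches, 1 on a mismatch, 2 if it is unusable.
check_bitwarden_cert() {
    cert=$1
    rc=0
    # The export step sets Encoding to PEM; a DER file has no PEM header.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null ||
        { echo "FAIL: $cert is not a PEM certificate" >&2; return 2; }
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) ||
        { echo "FAIL: $cert does not parse as X.509" >&2; return 2; }

    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253 |
        sed 's/^issuer= *//')

    # Subject DN: Common Name "Bitwarden" (section 2).
    [ "$(cn_of "$subject")" = "Bitwarden" ] ||
        { echo "FAIL: subject CN is not Bitwarden ($subject)" >&2; rc=1; }
    # Issued under the root CA whose Common Name is "Root" (section 1).
    [ "$(cn_of "$issuer")" = "Root" ] ||
        { echo "FAIL: issuer CN is not Root ($issuer)" >&2; rc=1; }
    # The Key Connector key pair is RSA.
    printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption' ||
        { echo "FAIL: public key is not RSA" >&2; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $subject issued by $issuer (RSA)"
    return "$rc"
}

# Usage: sh check-cert.sh Bitwarden-Cert.pem
if [ "$#" -gt 0 ]; then
    check_bitwarden_cert "$1"
fi
```

A non-zero exit status means the file is not the certificate these steps produce, for example the root CA certificate exported by mistake or a DER-encoded export.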

4 | Assign a name to the private key

1. Go to Administrative Services > Key Management > Key Database.

2. Select [ Reload ].

3. Right-click the Bitwarden key pair in the Keys section and select Edit.

4. Under Key Settings, enter Bitwarden in the Name field and select [ OK ] to save.

5 | Grant Use permission on the private key

1. Go to Administrative Services > Key Management > Key Database.

2. Right-click the Bitwarden key pair and select Permission.

3. Select the Bitwarden role in the drop-down menu and select [ Add ].

4. Select the Permission drop-down option next to the Bitwarden role and select Use.

5. Select [ Save ].