Configure CryptoHub

after you deploy the bitwarden service in {{ch}} , set up a client endpoint an endpoint is a device authorized to access the service use the endpoints menu to view and manage these devices you can also add new endpoints by selecting \[ add new ] when prompted, enter the device address and specify the endpoint the following sections provide detailed instructions for deploying a client endpoint and installing the client library files deploy the client endpoint go to the endpoints menu inside the service you deployed in the manage endpoints menu, select \[ add new ] in the add endpoint dialog enter a name for the endpoint (optional) leave the {{ch}} hostname set to the auto populated value in the platform dropdown, you must select linux openssl 3 x 64 bit to match the openssl version installed in the bitwarden key connector container select \[ add endpoint ] the browser prompts you to download a zip file containing the {{futurex}} pkcs #11 module and a configuration file pre configured to connect to your {{ch}} instance to install the files on the machine where you installed bitwarden, perform the configure bitwarden docid 22ef59dnadqvnljodcul instructions in the next section generate rsa key pair for bitwarden key connector perform the following tasks to generate an rsa key pair you must generate the bitwarden key pair under a root ca certificate to give it the encrypt and decrypt security usage it requires 1 | create x 509 certificate container and root ca go to administrative services > pki management > certificate management select \[ add ca ] in the x 509 certificate container creation dialog, configure the following settings name bitwarden host none type x 509 owner group select the bitwarden role {{ch}} created for the service right click the bitwarden x 509 certificate container and select add certificate > new certificate configure the following subject dn settings preset classic common name root configure the following basic info settings leave set the default values configure the following v3 extensions settings profile certificate authority select \[ ok ] 2 | generate bitwarden key pair right click the root ca certificate and select add certificate > new certificate configure the following subject dn settings preset classic common name bitwarden configure the following basic info settings security usage encrypt/decrypt leave all other fields set to the default values configure the following v3 extensions settings profile tls client certificate select \[ ok ] 3 | export bitwarden certificate right click the bitwarden certificate and select export > certificate(s) change encoding to pem and select \[ browse ] specify a filename for web transfer (such as bitwarden cert pem ) and select \[ ok ] select \[ ok ] to initiate the export save the certificate file when your browser prompts it 4 | assign a name to the private key go to administrative services > key management > key database select \[ reload ] right click the bitwarden key pair in the keys section and select edit under key settings , enter bitwarden in the name field and select \[ ok ] to save 5 | grant use permission on the private key go to administrative services > key management > key database right click the bitwarden key pair and select permission select the bitwarden role in the drop down menu and select \[ add ] select the permission drop down option next to the bitwarden role and select use select \[ save ]