Configure the BeyondTrust U-Series Appliance with CryptoHub
This section explains how to integrate CryptoHub with the Password Safe product by installing the FXPKCS11 x64 and x86 drivers, along with the required configuration file, into the appropriate directory. These components enable the BeyondTrust configuration utility to communicate properly with CryptoHub.

Transferring the CryptoHub endpoint zip files to the U-Series Appliance

If you have a virtual U-Series Appliance, BeyondTrust locks it down significantly. For example, it does not include a browser, and many PowerShell commands are unavailable. One method for transferring files to the virtual appliance is wget, but we will leave it to the user to decide how they want to transfer the endpoint zip files to the machine running the U-Series Appliance.

Install FXPKCS11 on the Windows machine running the U-Series Appliance

Perform the following steps to install FXPKCS11 on the Windows machine that's running the BeyondTrust U-Series Appliance.

Perform the steps below only for one of the two endpoint zips that you downloaded from CryptoHub and transferred to the U-Series Appliance. For the other endpoint zip, you only need to extract it and copy the fxpkcs11.dll file that is inside to the same directory as the rest of the files below. The result will be two different FXPKCS11 module files in the C:\Program Files\Futurex\fxpkcs11 directory. One should be named fxpkcs11.dll and the other you should rename to fxpkcs11-x86.dll.

The zip files contain the following files:

- PKCS11Manager.exe: Program to test the connection to the CryptoHub and perform basic functions through the FXPKCS11 module, such as logging in and generating random data
- ca-chain.pem: CA certificate bundle
- client-cert.pem: Client TLS certificate
- client.p12: Full client PKI in encrypted PKCS #12 format (contains the CA chain, client certificate, and client private key)
- configTest.exe: Program to test the configuration and connection to the CryptoHub
- fxpkcs11.cfg: Configuration file for the Futurex PKCS #11 library
- fxpkcs11.dll: The Futurex PKCS #11 library file

1. Move all of the preceding FXPKCS11 files to C:\Program Files\Futurex\fxpkcs11. Create the Futurex\fxpkcs11 directory as an administrator. The Futurex PKCS #11 module expects to find the FXPKCS11 configuration file (fxpkcs11.cfg) in the C:\Program Files\Futurex\fxpkcs11 directory by default.
2. To make sure that communication can be established between the U-Series Appliance and CryptoHub, run the PKCS11Manager program. If the connection is successful, the main menu should appear.

Configure the FXPKCS11 library in BeyondInsight

1. On the U-Series Appliance, select the Windows symbol.
2. Select BeyondTrust > BeyondInsight Configuration.
3. Select \[ Yes ] on the User Account Control popup message.
4. On the right-hand side, select Configure HSM Credentials.
5. Select \[ Edit ] on the top left side, then select \[ Add New HSM Credential ].
6. Under 32-bit Driver Path, select "Click here to set 32-bit". Navigate to the C:\Program Files\Futurex\fxpkcs11 folder and select the fxpkcs11-x86.dll file.
7. Under the 64-bit Driver Path, select "Click here to set 64-bit". Navigate to the C:\Program Files\Futurex\fxpkcs11 folder and select the fxpkcs11.dll file. The row in the Slot column should automatically be filled.
8. Enter a unique key name under Key Name.
9. Enter a description under Description.
10. If the user has changed the PIN/password for the endpoint, enter it under the PIN column. If the user kept the default password for the endpoint, follow the steps below to obtain the PIN value:
    1. Open the Notepad application.
    2. Select File > Open.
    3. On the bottom right side, in the drop-down menu with the default value Text Documents (*.txt), select All Files.
    4. Navigate to the fxpkcs11 folder.
    5. Select the fxpkcs11.cfg file.
    6. Scroll down and copy the value between \<CRYPTO-OPR-PASS> and \</CRYPTO-OPR-PASS>.
    7. Go back to the Configure HSM Credentials window and paste the value into the PIN field.
11. Select \[ Test Active Credential ] to test if BeyondInsight can successfully communicate with CryptoHub. If the connection is successful, a text box should appear showing HSM connection successful.
12. Select \[ Save and Close ].
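
The installation step above leaves two module files in one directory, and the 32-bit and 64-bit driver paths must each point at the matching build. The following added example (not part of the original page or of Futurex or BeyondTrust tooling) can be run on the workstation before the transfer: it reads the PE header of the fxpkcs11.dll inside each endpoint zip and reports which zip supplies which target file. The labels zip_a and zip_b, the function names, and the tolerance for the DLL sitting in a subfolder of the zip are assumptions.

```python
import io
import struct
import zipfile

# IMAGE_FILE_HEADER.Machine values from the PE/COFF specification
MACHINES = {0x014C: "x86", 0x8664: "x64"}

def pe_machine(data: bytes) -> str:
    """Return 'x86' or 'x64' for a PE image; raise ValueError otherwise."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ header)")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if pe_off + 6 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file (missing PE signature)")
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    if machine not in MACHINES:
        raise ValueError(f"unexpected machine type 0x{machine:04x}")
    return MACHINES[machine]

def dll_arch_in_zip(zip_source, dll_name="fxpkcs11.dll") -> str:
    """Locate dll_name anywhere in the endpoint zip and report its build."""
    with zipfile.ZipFile(zip_source) as zf:
        matches = [n for n in zf.namelist()
                   if n.replace("\\", "/").rsplit("/", 1)[-1].lower() == dll_name]
        if len(matches) != 1:
            raise ValueError(f"expected one {dll_name}, found {len(matches)}")
        return pe_machine(zf.read(matches[0]))

def plan_install(zip_a, zip_b) -> dict:
    """Map each target file name from the install steps to its source zip."""
    archs = {dll_arch_in_zip(zip_a): "zip_a", dll_arch_in_zip(zip_b): "zip_b"}
    if set(archs) != {"x86", "x64"}:
        raise ValueError("need exactly one x86 and one x64 endpoint zip")
    # 64-bit driver path -> fxpkcs11.dll, 32-bit driver path -> renamed copy
    return {"fxpkcs11.dll": archs["x64"], "fxpkcs11-x86.dll": archs["x86"]}

def sample_zip(machine: int) -> io.BytesIO:
    """Constructed sample: zip with a stub holding only the header fields read."""
    stub = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
            + b"PE\0\0" + struct.pack("<H", machine))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("endpoint/fxpkcs11.dll", stub)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(plan_install(sample_zip(0x8664), sample_zip(0x014C)))
```

With real downloads, pass the two zip file paths to plan_install in place of the constructed samples.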