This command can also add mapping between the security identity alias and the X.509 certificate to the user store part of the protected store. The certificate is needed only for the server-side protected store. This can be requested by using -user with the -alias option. • addServer - Adds a trusted certificate to Oracle Service Registry. This command also adds the mapping between the security identity alias and its X.509 certificate to the user store part of the Oracle Service Registry protected store. The certificate can be given in the local file or can be fetched from the local protected store. The configuration file can be specified using the -config option. • remove - Removes the given alias from the local protected store. This command can also remove an alias from the user store part of the protected store using the -user option. When removing a mapping from the user store, the X.509 certificates mapped to the given alias are also removed from the key store. • removeServer - Removes a given alias from the protected store. The alias is removed from the user store part of the protected store if it is not found in the key store. When removing mapping from the user store part, the X.509 certificates mapped to the given alias are also removed from the key store. • lsTrusted - Displays a list of the trusted certificates Subject-distinguished names from the local protected store. • lsTrustedServer - Displays a list of the trusted certificates Subject distinguished names from the server. • list - Displays all aliases contained in the key store part of the local protected store. • listServer - Displays all aliases contained in the key store part of the Oracle Service Registry protected store. • export - Exports the X.509 certificate chain stored in the key store or in the user store of the local protected store with the given alias. • exportServer - Exports the X.509 certificate chain stored in the key store or in the user store of the protected store with the given alias. • gui - Launches the graphical version of this tool. The PStore tool has the following options: • -alias alias - Alias to be used for the command. • -keyPassword password - Password for encryptingdecrypting the security identity private key. • -subject subjectDN - Subject-distinguished name to be used in the generated X.509 certificate. • -config configPath - File and path to the configuration file to be used during command execution for the source of the local protected store. • -username username - Username for authentication process. Not required if the Oracle Service Registry server is unsecured. • -password password - Password for authentication process. Not required if the server is unsecured. • -secprovider provider - Authentication mechanism used during the authentication process. Not required if the server is unsecured. • -certFile certPath - File and path to the X.509 certificate stored in a local file. • -user - Indicates that a command should be executed only with the contents of the user store of the protected store. Page 378

8.1. Commands Description

• -config2 secondConfigPath - Path to the second configuration file. Used for the copy command, when copying an identity from one local protected store to another.

8.2. PStore Tool - GUI Version

You can add, edit, or remove any user properties in the user store. You can also add, edit, and remove certificates and identities in the key store. You can do all of this with a local file containing the protected store. Figure 56. PStore Tool

8.2.1. Running the GUI PStore Tool

To run the graphical version of this tool, use gui as parameter with the PStoreTool command. PStoreTool gui

8.2.2. Opening and Closing the Protected Store Opening Protected Store from a File

The GUI PStore Tool can manipulate every protected store in a file. To manipulate the clients protected store, open clientconf.xml . To open the server protected store, open pstore.xml. To open protected store from file, select Open From File... from the PStore menu. This returns the file chooser dialog. Select the file you want to open as shown in Figure 57 . Page 379 Opening Protected Store from a File Figure 57. Open Protected Store from a File Closing Protected Store To close the protected store, select Close from the PStore menu.

8.2.3. Open Next Protected Store

In some cases you need to work with more than one protected store at the same time. Typically you want to copy certificates from one protected store to another. To open another protected store, select the New Window from the PStore menu. New windows appear. Now you can open the protected store from a file.

8.2.4. Copy Data Between Protected Stores

With the PStore Tool, you can manipulate more than one protected store at the same time. You can simply copy identities, certificates, users, and user properties from one protected store to another using the Copy and Paste actions located in context menus of the Aliases, Users, and Properties panels. Note When you copy data from one area to another, the Paste action is disabled for some categories of data. This means that data may be copied, but cannot be pasted to the selected area. For example, the password property from the user store cannot be pasted to the key store. 8.2.5. Key Store To work with the key store, select the Key Store tab. This tab has two panels. The left side has a list of all entries. The right has detailed information for the selected entry. Page 380 8.2.5. Key Store