The PStoreTool provides WSO2 SOA Enablement Server Protected Store management from the command line. It provides the functionality to import and export trusted certificates locally to or from a file or remotely using the server-side protected store, create new security identities in the WSO2 SOA Enablement Server configuration file or on the WSO2 SOA Enablement Server, and copy identities between protected stores.
The general usage is:
PStoreTool command [--options...]
Commands
new - Creates a new security identity in the local protected store. The configuration file of the protected store can be specified using the -config parameter.
newServer - Creates a new security identity on the WSO2 SOA Enablement Server. The location of the server is specified with the -url parameter.
copy - Copies the existing security identity from one protected source to another or to the WSO2 SOA Enablement Server protected store.
copyFromServer - Copies an existing security identity from the WSO2 SOA Enablement Server with the URL indicated by the -url option to the local protected store stored in the specified configuration file.
add - Adds a trusted X.509 certificate to the local protected store. The X.509 certificate can be supplied either as a local file or it can be remotely fetched from the WSO2 SOA Enablement Server using the -alias and -url options.
This command can also add the mapping between the security identity alias and the X.509 certificate (the certificate is needed only for the server-side protected store) to the user store part of the protected store. This can be requested by using -user with the -alias option.
addServer - Adds a trusted certificate to WSO2 SOA Enablement Server. This command also adds the mapping between the security identity alias and its X.509 certificate to the user store part of the WSO2 SOA Enablement Server protected store. The certificate can be given in a local file or can be fetched from the local protected store. The configuration file can be specified using the -config option.
remove - Removes the given alias from the local protected store. This command can also remove an alias from the user store part of the protected store using the -user option. When removing a mapping from the user store part, the X.509 certificates mapped to the given alias are also removed from the key store.
removeServer - Removes a given alias from the protected store. The alias is removed from the user store part of the protected store if it is not found in the key store. When removing a mapping from the user store part, the X.509 certificates mapped to the given alias are also removed from the key store.
lsTrusted - Displays a list of the trusted certificates' subject distinguished names from the local protected store.
lsTrustedServer - Displays a list of the trusted certificates' subject distinguished names from the Server.
list - Displays all aliases contained in the key store part of the local protected store.
listServer - Displays all aliases contained in the key store part of the WSO2 SOA Enablement Server protected store.
export - Exports the X.509 certificate chain stored in the key store or in the user store of the local protected store with the given alias.
exportServer - Exports the X.509 certificate chain stored in the key store or in the user store of the protected store with the given alias.
import - Creates a new security identity in the local protected store and imports its private key and X.509 certificate chain.
importServer - Creates a new security identity in WSO2 SOA Enablement Server and imports its private key and X.509 certificate chain.
gui - Graphical version of this tool.
Options
-alias alias - Alias to be used for the command.
-keyPassword password - Password for encrypting/decrypting the security identity private key.
-subject subjectDN - Subject distinguished name to be used in the generated X.509 certificate.
-config configPath - File path to the configuration file to be used during the command execution as the source of the local protected store.
-username username - Username for authentication process. Not required if WSO2 SOA Enablement Server is unsecured.
-password password - Password for authentication process. Not required if the server is unsecured.
-secprovider provider - Authentication mechanism to be used during the authentication process. Not required if the server is unsecured.
-url serverURL - URL of the Server with the protected store in question.
-certFile certPath - File path to the X.509 certificate stored in a local file.
-keyFile keyPath - File path to the private key stored in a local file (PKCS #8 encoding).
-pkcs12File pkcs12Path - File path to the PKCS#12 package stored in a local file. Supported on Java 2 version 1.4 and higher. Vendors may support only some encodings (e.g. DER).
-user - Indicates that the command should be executed only with the contents of the user store of the protected store.
-config2 secondConfigPath - Path to the second configuration file. Used for the copy command, when copying an identity from one local protected store to another.
To run the graphical version of this tool, use gui as a parameter along with the PStoreTool command.
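Before running import or importServer, it is worth confirming that the file given as -keyFile is PKCS #8 encoded and that it belongs to the certificate given as -certFile. The following shell script is an added example, not part of the WSO2 documentation: it assumes OpenSSL 1.1.1 or later on the PATH and an unencrypted, DER-encoded PKCS #8 key, and its function names, file names and throwaway sample keys are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not WSO2 code): prepare and check the files that
# PStoreTool's import command takes via -keyFile and -certFile.
# Assumes OpenSSL 1.1.1+ on PATH; every file name here is hypothetical.

# Re-encode a PEM private key as unencrypted PKCS #8 DER.
# The result is plaintext key material, so restrict it to the owner.
to_pkcs8_der() {            # usage: to_pkcs8_der in.pem out.p8
  ( umask 077 && openssl pkcs8 -topk8 -nocrypt -in "$1" -outform DER -out "$2" )
}

# Public key (PEM SubjectPublicKeyInfo) derived from a PKCS #8 DER key.
key_pubkey() { openssl pkey -inform DER -in "$1" -pubout; }

# Public key (PEM SubjectPublicKeyInfo) carried in a PEM X.509 certificate.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey; }

# 0 = key and certificate hold the same public key, 1 = mismatch,
# 2 = a file could not be read or parsed.
key_matches_cert() {        # usage: key_matches_cert key.p8 cert.pem
  local k c
  k=$(key_pubkey "$1" 2>/dev/null) || return 2
  c=$(cert_pubkey "$2" 2>/dev/null) || return 2
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Constructed sample input: throwaway RSA key + self-signed certificate.
make_sample() {             # usage: make_sample dir name
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/$2.pem" 2>/dev/null &&
  openssl req -x509 -new -key "$1/$2.pem" -subj "/CN=$2.example" \
    -days 1 -out "$1/$2.crt" 2>/dev/null &&
  to_pkcs8_der "$1/$2.pem" "$1/$2.p8"
}

demo() {
  local d
  d=$(mktemp -d) || return 1
  make_sample "$d" alice && make_sample "$d" bob || { rm -rf "$d"; return 1; }
  key_matches_cert "$d/alice.p8" "$d/alice.crt"; echo "alice key / alice cert: $?"
  key_matches_cert "$d/alice.p8" "$d/bob.crt";   echo "alice key / bob cert:   $?"
  rm -rf "$d"
}
demo
```

If the installation expects a PEM-encoded PKCS #8 key instead, change `-outform DER` and `-inform DER` to `PEM`; delete the unencrypted key file once the identity has been imported.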