new - Creates a new security identity in the local protected store. The configuration file of the protected store can be specified using the -config parameter.

newServer - Creates a new security identity on BEA AquaLogic Service Registry. The location of the server is specified with the -url parameter.

copy - Copies the existing security identity from one protected source to another or to the BEA AquaLogic Service Registry protected store.

add - Adds a trusted X.509 certificate to the local protected store. The X.509 certificate can be supplied as a local file.

This command can also add mapping between the security identity alias and the X.509 certificate to the user store part of the protected store. (The certificate is needed only for the server-side protected store.) This can be requested by using -user with the -alias option.

addServer - Adds a trusted certificate to BEA AquaLogic Service Registry. This command also adds the mapping between the security identity alias and its X.509 certificate to the user store part of the BEA AquaLogic Service Registry protected store. The certificate can be given in the local file or can be fetched from the local protected store. The configuration file can be specified using the -config option.

remove - Removes the given alias from the local protected store. This command can also remove an alias from the user store part of the protected store using the -user option. When removing a mapping from the user store, the X.509 certificates mapped to the given alias are also removed from the key store.

removeServer - Removes a given alias from the protected store. The alias is removed from the user store part of the protected store if it is not found in the key store. When removing mapping from the user store part, the X.509 certificates mapped to the given alias are also removed from the key store.

lsTrusted - Displays a list of the trusted certificate's Subject-distinguished names from the local protected store.

lsTrustedServer - Displays a list of the trusted certificate's Subject distinguished names from the server.

list - Displays all aliases contained in the key store part of the local protected store.

listServer - Displays all aliases contained in the key store part of the BEA AquaLogic Service Registry protected store.

export - Exports the X.509 certificate chain stored in the key store or in the user store of the local protected store with the given alias.

exportServer - Exports the X.509 certificate chain stored in the key store or in the user store of the protected store with the given alias.

gui - Launches the graphical version of this tool.

-alias alias - Alias to be used for the command.

-keyPassword password - Password for encrypting/decrypting the security identity private key.

-subject subjectDN - Subject-distinguished name to be used in the generated X.509 certificate.

-config configPath - File and path to the configuration file to be used during command execution for the source of the local protected store.

-username username - Username for authentication process. Not required if the BEA AquaLogic Service Registry server is unsecured.

-password password - Password for authentication process. Not required if the server is unsecured.

-secprovider provider - Authentication mechanism used during the authentication process. Not required if the server is unsecured.

-certFile certPath - File and path to the X.509 certificate stored in a local file.

-user - Indicates that a command should be executed only with the contents of the user store of the protected store.

-config2 secondConfigPath - Path to the second configuration file. Used for the copy command, when copying an identity from one local protected store to another.