keystoreMover

Exports one or more keys from one keystore format to another.

Synopsis

Description

The developer interface to the Registry requires the use of a JKS keystore, while the Web Console requires a PKCS12 or DER certificate that you can import into a web browser.

If you created a user account using a registry-generated PKCS12 certificate and you wish to use the Admin Tool to publish content to the Registry, use the keystoreMovercommand to export the certificate to a JKS keystore. You can also use this command in order to run developer applications against the Registry.

If you created a user with the add user command and you want that user to be able to use the Web Console, you can use this command to export the JKS keystore created by add user to the PKCS12 format.

See Creating a User Account in Service Registry 3.1 User’s Guide for details on using the Web Console to create a user account. See Using the Admin Tool to Publish Content to the Registry for information on using the keystoreMover in conjunction with the Admin Tool. See add user for information on using the add user command.

See Service Registry 3.1 Developer’s Guide for information on developing applications for the Registry.

Options

-sourceKeystoreType

Specifies the type of the keystore to be exported. Argument must be either PKCS12 or JKS. The default is PKCS12.

-sourceKeystorePath

Specifies the path name of the file that contains the source keystore. This option is required. Normally, this is the path name of the certificate file created when you created a user.

-sourceKeystorePassword

Specifies the password for the source keystore. Normally, this is the password you specified when you created a user. This option is required.

-sourceAlias

Specifies the alias to be exported. If you do not specify this option, the command exports all aliases in the keystore. The keystore downloaded from the Web Console contains only one alias.

-sourceKeyPassword

Specifies the password specific to the alias (as opposed to the keystore password). If you do not specify this option, the password is the same as the keystore password (this is the usual case).

-destinationKeystoreType

Specifies the type of the destination keystore. Argument may be either JKS or PKCS12. The default is JKS.

-destinationKeystorePath

Specifies the path name of the file that will contain the destination keystore. This option is required. Normally, this argument is HOME/soar/3.0/jaxr-ebxml/security/keystore.jks, where HOME is the user's home directory.

-destinationKeystorePassword

Specifies the password for the destination keystore. This argument is required. The default value of this property is ebxmlrr.

-destinationAlias

Specifies the new alias name, if you want to rename the alias. If you do not specify this option, the new alias has the same name as the alias of the source certificate.

-destinationKeyPassword

Specifies the password specific to the alias (as opposed to the keystore password). If you do not specify this option, the password is the same as the keystore password (this is the usual case).

All passwords must be at least 6 characters in length.

Example

The following command exports the certificate in generated-key.p12 in a user's home directory to a JKS keystore in soar/3.0/jaxr-ebxml/security/keystore.jks, also in the user's home directory. The source keystore password is the one provided when the user registered with the Registry. The destination keystore password is the default value of ebxmlrr. Specify the command all on one line.

admin> keystoreMover -sourceKeystorePath /home/myname/generated-key.p12 
-sourceKeystorePassword mypass -destinationKeystorePath 
/home/myname/soar/3.0/jaxr-ebxml/security/keystore.jks 
-destinationKeystorePassword ebxmlrr