Specifying the signer DN for a synonym LT

Configuring a connection between a master LT and an SAG describes, among other things, how to specify, for each LT-to-SAG connection, the distinguished name of the security endpoint that is to authorize and sign SWIFTNet FIN traffic. Because a synonym LT uses a signer DN that is different from the one specified for the connection used by its master LT, you must configure a CO of type DnfSynonymLTConn and use it to specify a different signer DN. To help you do this, FTM SWIFT generates, during customization, for each business OU, a script with a name of the form: 
deployment_dir/instance/admin/ou_dnfcfcsc.cli
where:
deployment_dir
Directory specified in the CDP initialization file.
instance
Name of the instance.
ou
Name of the OU.
These scripts contain the following command: 
add -ou DNIvOU -ct DnfSynonymLTConn -co <ltname><number> -attr SignerDN -val <signerDN>
The customization process substitutes the placeholder DNIvOU in the script with the name of the OU. Modify and run this script once for each LT:
  1. Copy the script into the home directory.
  2. For each combination of a synonym LT and an LT-to-SAG connection for which a different DN is to be specified, copy the line in the script that begins with: 
    add -ou DNIvOU -ct DnfSynonymLTConn...
  3. Replace each of the placeholders in the copy of the script with an appropriate value:
    <ltname>
    Name (BIC9) of the synonym LT, for example, BANKBBCLX. This name is provided by SWIFT.
    <number>
    Two-digit number of the LT-to-SAG connection used by the master LT (for example, 01). This was specified in the procedure described in Configuring a connection between a master LT and an SAG.
    <signerDN>
    Distinguished name of the security endpoint that is to sign the SWIFTNet FIN traffic for the specified combination of synonym LT and connection, for example: 
    cn=fincbt,o=xxxxdeff,o=swift
  4. Run the dnfcfcsc.cli script. To do this, you must have the system configuration administrator (DniSA) role. Enter the following command: 
    dnicli -i instance -ou SYSOU -s DNI_SYSADM -cft dnfcfcsc.cli -cp IBM-1047
  5. Approve and deploy the changes: 
    dnicli -i instance -ou SYSOU -s DNI_SYSADM 
app -ou ou
dep -ou ou

    If dual authorization is enabled, another user with the appropriate access rights must approve the changes before they can be deployed. If dual authorization is disabled, you can skip approving the changes and immediately deploy them.