Configure Connect:Direct Secure Plus to Use the SSL or TLS Protocol

The spcust_sample1 script demonstrates using the Secure+ CLI to configure Connect:Direct® Secure Plus to use the SSL or TLS protocol with the trusted root file, key certificates, and ciphers.

#! /bin/sh
#
#############################################################################
# Licensed Materials - Property of IBM
#
# Connect:Direct for UNIX
#
# (C) Copyright IBM Corp. 1992, 2014 All Rights Reserved.
#
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
#############################################################################
#
# spcust_sample1.sh contains an example of configuring
# Secure+ to use SSL or TLS protocols with the Secure+ CLI.
# The example demonstrates the configuration of Secure+
# with the trusted root, key certificates, and ciphers.
#
#
# Variables
#
# The return code.
# Starts at 0. Once the guard in the main script is removed, the main
# script overwrites it with the status returned by invokeCLI and uses it
# as the exit status of this script.
# spcli.sh returns the highest return code of the commands
# it executed. Possible return codes and their meanings are
#      0    success
#      4    warning
#      8    error
#     16    fatal error
RC=0
#
#
# Functions
#
#
# Custom initialization logic written by customer.
#
initCustom()
{
    # Customer adds custom initialization code here.
    echo "Init custom..."
    # rm -rf /sci/users/jlyon/cd42/ndm/secure+/nodes
}
#
# Invoke CLI to configure Secure+.
#
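invokeCLI()
{
    # Feed a fixed batch of Secure+ CLI commands to spcli.sh on stdin and
    # hand spcli.sh's exit status back to the caller.
    #
    # Returns: the status of spcli.sh (see the return-code table in the
    #          file header: 0 success, 4 warning, 8 error, 16 fatal error).
    #
    # Every <...> value in the command batch is a placeholder and must be
    # replaced with a real value before the script is allowed to run.
    #
    # The here-document delimiter is quoted ('EOF') so the shell passes the
    # batch through literally. With an unquoted delimiter the shell would
    # expand $name, $(...), `...` and backslashes inside the batch, so a
    # passphrase or path containing those characters would be altered, or
    # run as a command, before spcli.sh ever read it. If a value really has
    # to come from a shell variable, that needs an unquoted delimiter and
    # careful escaping of everything else in the batch.
    #
    # Once Passphrase= holds a real value, this file contains the keystore
    # passphrase in clear text: restrict read access to the account that
    # runs it and keep the edited copy out of shared directories.
    #
    # NOTE(review): -li y appears to echo the input commands; if so, the
    # Passphrase line ends up in any captured terminal output or log --
    # confirm against the Secure+ CLI documentation.
    # NOTE(review): -e 8 presumably makes the CLI stop at return code 8 or
    # higher -- confirm.
    #
    # Protocol / CipherSuites: SSL protocol versions are obsolete; pick the
    # TLS entries listed by "Display Protocols" unless a partner node
    # requires otherwise, and prefer an explicit cipher suite list over
    # "All" so weaker suites are not enabled implicitly.
    /sci/users/jlyon/cd42/ndm/bin/spcli.sh -e 8 -li y << 'EOF'
    ;
    display info
    ;
    ;
    ; -- Synch with netmap
    ;
    sync netmap 
        path=/sci/users/jlyon/cd42/ndm/cfg/<node name>/netmap.cfg
        name=*
    ;
    ;
    ; -- Import KeyCert
    ;
    Import KeyCert
        File=<path to Key Certificate file>
        Passphrase=<KeyStore passphrase>
        Label=<optional, destination name of key certificate>
        ImportMode=<Add | Replace | AddOrReplace>
    ;
    ;
    ; -- Import TrustedCert
    ;
    Import TrustedCert
        File=<path to Trusted Certificate file>
        ImportMode=<Add | Replace | AddOrReplace>
    ;
    ;
    ; -- Update LocalNode
    ;
    Update LocalNode
        Protocol=<Comma delimited list of Protocols, see Display Protocols>
        SecurityMode=<One Security Mode, see Display SecurityModes>
        Override=<y | n>
        AuthTimeout=<nnn seconds>
        KeyCertLabel=<label of key certificate | null>
        EncryptData=<y | n>
        ClientAuth=<y | n>
        CipherSuites=<Comma delimited list of Ciphersuites | All | null>
        SeaEnable=<y | n>
        SeaCertValDef=<external authentication server certificate validation definition | null>
    ;
    ;
    ; -- Display localnode
    ;
    display localnode
    ; 
    ;
    ; -- Validate parmfile
    ;
    validate parmfile
    ;
EOF
    # Propagate spcli.sh's status unchanged.
    return $?
}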
#
# Custom termination logic written by customer.
#
terminateCustom()
{
    # Site-specific wrap-up hook, called after invokeCLI has set RC.
    # Typical additions: mail the stdout log for review, or forward error
    # messages to a monitoring facility.
    # Reads the global RC and prints it on its own line, followed by the
    # termination banner.
    printf '%s\n' "$RC" "Custom Terminating ... "
}
#
#  Main script
#
# Safety guard: as shipped, the script prints this notice and stops before
# touching the Secure+ configuration. Remove the notice and the bare exit
# only after every <...> placeholder in invokeCLI has been replaced and the
# command batch has been reduced to the changes actually wanted.
# The bare exit reuses the status of the preceding command, so the guarded
# script exits 0; a calling job cannot tell "blocked" from "configured".
printf '\n'
printf '%s\n' \
    "This script has been prevented from running because it will alter the configuration" \
    "of Secure+. Before removing this warning and its exit call, please modify the script" \
    "so that it carries out only desired modifications to the configuration of Secure+."
printf '\n'
exit
# Unreachable until the guard above is removed: run the custom init hook,
# apply the CLI batch, remember its status, run the custom termination hook
# and exit with the CLI's status.
initCustom
invokeCLI
RC=$?
terminateCustom
exit "$RC"