The spcust_sample1 script demonstrates using the CLI to import certificates and configure Connect:Direct®
Secure Plus for the TLS protocol.
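@echo off
REM
REM spcust_sample1 contains an example of configuring
REM Secure+ to use SSL or TLS protocols with the Secure+ CLI.
REM The example demonstrates the configuration of Secure+
REM with the trusted root and key certificates and ciphers
REM
REM
REM Variables
REM
REM RC - the return code, set in :invokeCLI from the spcli.cmd call.
REM spcli.cmd returns the highest return code of the commands
REM it executed. Possible return codes and their meanings are
REM 0 success
REM 4 warning
REM 8 error
REM 16 fatal error
REM
REM cdInstallDir - Connect:Direct installation directory; adjust to the local install.
REM spDir        - Secure+ directory holding spcli.cmd and the Certificates folder.
set cdInstallDir=C:\Program Files\IBM\Connect Direct v6.3
set spDir=%cdInstallDir%\Server\Secure+
REM Stop here if the Secure+ directory cannot be entered, so that nothing
REM below runs against the wrong directory.
pushd "%spDir%" || exit /b 16
REM
REM Main script
REM
echo.
echo This script has been prevented from running because it will alter
echo The configuration of Secure+. Before removing this warning and its
echo exit call, please modify the script so that it carries out only
echo desired modifications to the configuration of Secure+.
echo.
REM Exit call for the warning above. It jumps to :mainEnd so the directory
REM pushed at the top is still restored.
goto :mainEnd
call :initCustom
call :invokeCLI
call :terminateCustom
:mainEnd
REM End of main script
REM Undo the pushd before leaving; the subroutines below all return with goto :EOF.
popd
goto :EOF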
REM
REM Functions
REM
REM
REM :initCustom - customer-supplied setup, called by the main script
REM before :invokeCLI.
REM
:initCustom
REM Place site-specific initialization here.
echo Init custom...
echo.
REM The delete below is deliberately left disabled.
REM NOTE(review): it looks like it would remove the existing Secure+ Nodes
REM data - confirm what it holds and back it up before enabling.
REM del /F "%spDir%\Nodes"
REM End of initCustom
goto :EOF
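REM
REM :invokeCLI - write the Secure+ CLI commands to a temporary file, feed
REM that file to spcli.cmd on standard input, keep the return code in RC,
REM then delete the file.
REM
:invokeCLI
REM The command file holds the key certificate passphrase in clear text
REM until it is deleted below. Create it in the per-user temp directory
REM rather than the current directory; that location is normally not
REM readable by other standard users.
set "tempFile=%TEMP%\clicmds_%RANDOM%.txt"
REM The first write uses ">" so a leftover file from an interrupted run is
REM truncated instead of having its old commands executed again.
echo ; >"%tempFile%"
echo display info >>"%tempFile%"
echo ; >>"%tempFile%"
echo ; >>"%tempFile%"
echo ; -- Synch with netmap >>"%tempFile%"
echo ; >>"%tempFile%"
echo sync netmap >>"%tempFile%"
REM The path value is the sample's own; replace it with the local netmap path.
echo path=v6.3\JLYON-LT >>"%tempFile%"
echo name=* >>"%tempFile%"
echo ; >>"%tempFile%"
echo ; >>"%tempFile%"
echo ; -- Import keycert and trusted cert files. >>"%tempFile%"
echo ; >>"%tempFile%"
echo import keycert >>"%tempFile%"
echo file="%spDir%\Certificates\keycert.txt" >>"%tempFile%"
REM "password" is a sample value. Supply the real passphrase at run time and
REM keep it out of copies of this script that are shared or checked in.
echo passphrase=password >>"%tempFile%"
echo Label="My KeyCert"; >>"%tempFile%"
echo ; >>"%tempFile%"
echo import trustedcert >>"%tempFile%"
echo file="%spDir%\Certificates\trusted.txt" >>"%tempFile%"
echo ; >>"%tempFile%"
echo update localnode >>"%tempFile%"
echo override=n >>"%tempFile%"
echo protocol=(tls1.2,tls1.3) >>"%tempFile%"
echo securitymode=FIPS140-2 >>"%tempFile%"
echo keycertlabel="My KeyCert" >>"%tempFile%"
REM The whole cipher suite list must be written by one echo command.
REM The two TLS_RSA_WITH_* suites use static RSA key exchange and give no
REM forward secrecy; consider dropping them if every partner supports ECDHE.
echo ciphersuites=(TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256) >>"%tempFile%"
echo ; >>"%tempFile%"
echo ; >>"%tempFile%"
echo ; -- Display localnode >>"%tempFile%"
echo ; >>"%tempFile%"
echo display localnode >>"%tempFile%"
echo ; >>"%tempFile%"
echo validate parmfile >>"%tempFile%"
echo ; >>"%tempFile%"
echo quit; >>"%tempFile%"
REM NOTE(review): -li y appears to log the input commands to the console,
REM which would include the passphrase line - confirm against the spcli
REM documentation before capturing or forwarding this output.
call "%spDir%\spcli.cmd" -e 8 -li y < "%tempFile%"
REM Save the CLI result before del overwrites ERRORLEVEL.
set RC=%ERRORLEVEL%
del "%tempFile%"
REM End of invokeCLI
goto :EOF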
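REM
REM :terminateCustom - customer-supplied wrap-up, called by the main script
REM after :invokeCLI. Reports the return code saved in RC.
REM
:terminateCustom
REM Customer adds custom termination code here.
REM For example, e-mail the standard out log for review, or
REM send error messages to a system monitoring facility.
REM Check that a forwarded log does not contain the key certificate passphrase.
echo.
echo Custom Terminating with errorlevel of %RC%
REM The blank line and this comment are separate commands; fused together as
REM "echo.REM ..." the comment text would be printed to the console.
echo.
REM End of terminateCustom
goto :EOF
REM Not reached: the goto above returns first, so this popd never runs.
popd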