Configure Connect:Direct Secure Plus to Use the TLS Protocol

The spcust_sample1 script demonstrates using the CLI to import certificates and configure Connect:Direct® Secure Plus for the TLS protocol.

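@echo off

REM
REM spcust_sample1.sh contains an example of configuring
REM Secure+ to use SSL or TLS protocols with the Secure+ CLI.
REM The example demonstrates the configuration of Secure+
REM with the trusted root and key certificates and ciphers.
REM
REM The script is deliberately disabled: the warning block in the main
REM section exits before any configuration is touched. Remove that block
REM only after the CLI commands in :invokeCLI have been reviewed.
REM

REM
REM Variables
REM

REM The return code.
REM spcli.sh returns the highest return code of the commands
REM it executed. Possible return codes and their meanings are
REM      0  success
REM      4  warning
REM      8  error
REM     16  fatal error

REM Quoted "set" form keeps trailing spaces out of the values.
set "cdInstallDir=C:\Program Files\IBM\Connect Direct v6.3"
set "spDir=%cdInstallDir%\Server\Secure+"

REM
REM  Main script
REM

echo.
echo This script has been prevented from running because it will alter
echo The configuration of Secure+. Before removing this warning and its
echo exit call, please modify the script so that it carries out only
echo desired modifications to the configuration of Secure+.
echo.
REM Guard exit: the label is ":EOF" (the original ":EOFc" was a typo that
REM made cmd abort with "cannot find the batch label" instead of a clean exit).
goto :EOF

REM Abort with the "fatal error" code (16) if the Secure+ directory does not
REM exist; otherwise :invokeCLI would write its command file and look for
REM spcli.cmd in whatever directory the script happened to start in.
pushd "%spDir%" || exit /b 16

call :initCustom

call :invokeCLI

call :terminateCustom

REM Undo the pushd before leaving; the main script ends here, so a popd
REM placed after this goto would never run.
popd

REM End of main script
goto :EOF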

REM
REM Functions
REM

REM
REM Custom initialization logic written by customer.
REM

:initCustom
REM Custom initialization hook, called from the main script before :invokeCLI.
REM Prints a banner only; everything else is left for the customer to add.

REM Customer adds custom initialization code here.

echo Init custom...
echo.

REM Disabled example: would forcibly delete the Secure+ "Nodes" file under
REM spDir. Leave it commented out unless the node store really has to be
REM recreated from scratch.
REM del /F "%spDir%\Nodes"

REM End of initCustom
goto :EOF

REM
REM Invoke CLI to configure Secure+.
REM

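:invokeCLI
REM Build a command file for spcli.cmd, run it, and leave its return code in RC
REM (read by :terminateCustom). The command file is created in the current
REM directory (spDir after the pushd in the main script) and holds the key
REM certificate passphrase in clear text, so it is overwritten on every run
REM and deleted as soon as spcli returns.
REM
REM Keep a space before each redirection: a digit directly in front of ">>"
REM (e.g. "FIPS140-2>>") would be parsed by cmd as a handle redirect.
set "tempFile=clicmds.txt"

REM First line uses ">" so a command file left behind by an earlier aborted run
REM is replaced rather than appended to (appending would replay its commands).
echo  ;                                                        > "%tempFile%"
echo display info                                              >>"%tempFile%"
echo  ;                                                        >>"%tempFile%"
echo  ;                                                        >>"%tempFile%"
echo  ; -- Synch with netmap                                   >>"%tempFile%"
echo  ;                                                        >>"%tempFile%"
echo  sync netmap                                              >>"%tempFile%"
echo  path=v6.3\JLYON-LT                                       >>"%tempFile%"
echo  name=*                                                   >>"%tempFile%"
echo  ;                                                        >>"%tempFile%"
echo  ;                                                        >>"%tempFile%"
echo  ; -- Import keycert and trusted cert files.              >>"%tempFile%"
echo  ;                                                        >>"%tempFile%"
echo  import keycert                                           >>"%tempFile%"
echo file="%spDir%\Certificates\keycert.txt"                   >>"%tempFile%"
REM "password" is the sample's placeholder. Whatever replaces it is written to
REM the command file in clear text and fed to spcli on stdin, so keep the
REM "del" at the end of this routine and do not echo or log the file.
echo passphrase=password                                       >>"%tempFile%"
echo Label="My KeyCert";                                       >>"%tempFile%"
echo  ;                                                        >>"%tempFile%"
echo  import trustedcert                                       >>"%tempFile%"
echo file="%spDir%\Certificates\trusted.txt"                   >>"%tempFile%"
echo  ;                                                        >>"%tempFile%"
echo    update localnode                                       >>"%tempFile%"
echo override=n                                                >>"%tempFile%"
echo    protocol=(tls1.2,tls1.3)                               >>"%tempFile%"
echo    securitymode=FIPS140-2                                 >>"%tempFile%"
echo    keycertlabel="My KeyCert"                              >>"%tempFile%"
REM The cipher list must be a single echo line: cmd has no implicit line
REM continuation, so splitting it across lines wrote only a fragment and then
REM ran the remaining suite names as commands. The TLS_RSA_WITH_* entries use
REM static RSA key exchange (no forward secrecy); remove them once no partner
REM still needs them.
echo    ciphersuites=(TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256) >>"%tempFile%"
echo  ;                                                        >>"%tempFile%"
echo  ;                                                        >>"%tempFile%"
echo  ; -- Display localnode                                   >>"%tempFile%"
echo  ;                                                        >>"%tempFile%"
echo   display localnode                                       >>"%tempFile%"
echo  ;                                                        >>"%tempFile%"
echo    validate parmfile                                      >>"%tempFile%"
echo  ;                                                        >>"%tempFile%"
echo  quit;                                                    >>"%tempFile%"

REM Run the CLI with the command file on stdin and keep its exit status; the
REM command file is removed right after, whatever the outcome.
call "%spDir%\spcli.cmd" -e 8 -li y < "%tempFile%"
set RC=%ERRORLEVEL%
del "%tempFile%"

REM End of invokeCLI
goto :EOF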

REM
REM Custom termination logic written by customer.
REM
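:terminateCustom
REM Custom termination hook, called from the main script after :invokeCLI.
REM Reports the CLI return code that :invokeCLI stored in RC.

REM Customer adds custom termination code here.
REM For example, E-mail standard out log for review.
REM Send error messages to system monitoring facility.
  echo.
  echo Custom Terminating with errorlevel of %RC%
  echo.
REM End of terminateCustom (the original "echo.REM ..." line printed the
REM comment text instead of a blank line).
goto :EOF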

REM Unreachable: the main script ends with "goto :EOF" above, so this popd
REM never runs and the pushd done in the main script is never undone.
popd