Automate Setup with the Secure+ CLI

The Java-based Connect:Direct® Command Line Interface (Secure+ CLI) and sample script enable you to create customized scripts that automate creating an initial installation of IBM Connect:Direct, populating the Secure+ parameters file, and managing node records. You can then distribute these scripts throughout your enterprise to implement the IBM Connect:Direct application. Before you create the scripts for distribution, consider creating an installation of Connect:Direct Secure Plus using the Secure+ Admin Tool and testing it to verify the results.

Model Automation Scripts

The following scripts are provided as models for creating custom scripts to define your Connect:Direct Secure Plus environment and automate the implementation of it. To prevent any loss of data, you cannot run the scripts, but you can save them with a different name and modify them to suit your needs.

Configure Connect:Direct Secure Plus to Use the TLS Protocol

The spcust_sample1 script demonstrates using the Secure+ CLI to configure Connect:Direct Secure Plus to use the TLS protocol with the trusted root file, key certificates, and ciphers.

#! /bin/sh
#
#############################################################################
# Licensed Materials - Property of IBM
#
# Connect:Direct for UNIX
#
# (C) Copyright IBM Corp. 1992, 2014 All Rights Reserved.
#
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
#############################################################################
#
# spcust_sample1.sh contains an example of configuring
# Secure+ to use SSL or TLS protocols with the Secure+ CLI. 
# The example demonstrates the configuration of Secure+
# with the trusted root and key certificates and ciphers
#
#
# Variables
#
# The return code. 
# spcli.sh returns the highest return code of the commands
# it executed. Possible return codes and their meanings are
#      0    success
#      4    warning
#      8    error
#     16    fatal error
RC=0
#
#
# Functions
#
#
# Custom initialization logic written by customer.
#
initCustom()
{
    # Customer adds custom initialization code here.
    echo "Init custom..."
    # rm -rf /sci/users/jlyon/cd42/ndm/secure+/nodes
}
#
# Invoke CLI to configure Secure+.
#
invokeCLI()
{
    /sci/users/jlyon/cd42/ndm/bin/spcli.sh -e 8 -li y << EOF
    ;
    display info
    ;
    ;
    ; -- Synch with netmap
    ;
    sync netmap 
        path=/sci/users/jlyon/cd42/ndm/cfg/<node name>/netmap.cfg
        name=*
    ;
    ;
    ; -- Import KeyCert
    ;
    Import KeyCert
        File=<path to Key Certificate file>
        Passphrase=<KeyStore passphrase>
        Label=<optional, destination name of key certificate>
        ImportMode=<Add | Replace | AddOrReplace>
    ;
    ;
    ; -- Import TrustedCert
    ;
    Import TrustedCert
        File=<path to Trusted Certificate file>
        ImportMode=<Add | Replace | AddOrReplace>
    ;
    ;
    ; -- Update LocalNode
    ;
    Update LocalNode
        Protocol=<Comma delimited list of Protocols, see Display Protocols>
        SecurityMode=<One Security Mode, see Display SecurityModes>
        Override=<y | n>
        AuthTimeout=<nnn seconds>
        KeyCertLabel=<label of key certificate | null>
        EncryptData=<y | n>
        ClientAuth=<y | n>
        CipherSuites=<Comma delimited list of Ciphersuites | All | null>
        SeaEnable=<y | n>
        SeaCertValDef=<external authentication server certificate validation definition | null>
    ;
    ;
    ; -- Display localnode
    ;
    display localnode
    ; 
    ;
    ; -- Validate parmfile
    ;
    validate parmfile
    ;
EOF
    return $?
}
#
# Custom termination logic written by customer.
#
terminateCustom()
{
    # Customer adds custom termination code here.
    # For example, E-mail standard out log for review.
    # Send error messages to system monitoring facility. 
    echo "$RC"
    echo "Custom Terminating ... "
}
#
#  Main script
#
echo
echo "This script has been prevented from running because it will alter the configuration"
echo "of Secure+. Before removing this warning and its exit call, please modify the script"
echo "so that it carries out only desired modifications to the configuration of Secure+." 
echo  
exit
initCustom
invokeCLI
RC=$?
terminateCustom
exit $RC 
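
The sample places the key store passphrase as a literal in the here-document, so every distributed copy of a customized script would carry it. The following added example (not part of IBM's sample; the function names and the passphrase-file convention are assumptions) renders the Import KeyCert block from a passphrase file that only its owner can access, rejects values that would add lines to the CLI input, and names the return codes listed in the sample's header.

```sh
#!/bin/sh
# Added example, not IBM's code. Function names and file paths are hypothetical.

# Describe a spcli.sh return code, per the table in the sample's header comment.
rc_meaning() {
    case "$1" in
        0)  echo "success" ;;
        4)  echo "warning" ;;
        8)  echo "error" ;;
        16) echo "fatal error" ;;
        *)  echo "unknown" ;;
    esac
}

# True when the value is non-empty and has no embedded newline, so it cannot
# add extra lines to the command stream fed to the CLI.
single_line() {
    case "$1" in
        *"
"*) return 1 ;;
    esac
    [ -n "$1" ]
}

# True when the file exists and grants no permissions to group or other.
owner_only() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print an Import KeyCert command in the layout used by the sample.
# Args: key-cert file, passphrase file, label, import mode.
# This example requires a label, although the sample marks it optional.
# Returns 16 for an unsafe passphrase file, 8 for a bad argument.
render_import_keycert() {
    owner_only "$2" || { echo "passphrase file must be owner-only: $2" >&2; return 16; }
    pass=$(cat "$2")
    for v in "$1" "$pass" "$3"; do
        single_line "$v" || { echo "empty or multi-line value rejected" >&2; return 8; }
    done
    case "$4" in
        Add|Replace|AddOrReplace) ;;
        *) echo "ImportMode must be Add, Replace or AddOrReplace" >&2; return 8 ;;
    esac
    printf '    Import KeyCert\n        File=%s\n        Passphrase=%s\n' "$1" "$pass"
    printf '        Label=%s\n        ImportMode=%s\n    ;\n' "$3" "$4"
}
```

The rendered text can take the place of the literal Import KeyCert block in the here-document, and `rc_meaning "$RC"` can replace the bare `echo "$RC"` in terminateCustom.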

Sample Script

The following script is provided as a model for creating custom scripts to define your IBM Connect:Direct environment and automate the implementation of it. To prevent any loss of data, you cannot run the script, but you can save it with a different name and modify it to suit your needs.

The sample script is available in Automation Script. The script is designed to assist you as follows:

spcust_sample1.sh

An example of configuring IBM Connect:Direct to use the TLS protocol with the Secure+ CLI. The example demonstrates the configuration of Connect:Direct with the trusted root file, key certificates, and ciphers.