Technical Blog Post
Abstract
Using the Connect:Direct Unix silent install cdai_spConfig= option
Body
The "Silent Install" feature allows Connect:Direct to be installed without user interaction, which helps with mass-rollout scenarios. One of the more complicated tasks when setting up a new Connect:Direct node is creating the individual Secure+ records for each trading partner. Each record may have different information, and setting these up consistently across a number of nodes can be a challenge. The "cdai_spConfig=" parameter in the Silent Install Options file addresses this by pointing to an spcli script that can be customized for your exact environment:
cdai_spConfig="/<work_path>/silent_install_src_dir/spconfig.txt"
The command shell tool called "spcli.sh" allows you to create, modify, or delete any of the Secure+ options. For example, you can sync your netmap.cfg file to Secure+, import keycerts and trusted certs, and modify individual records for each trading partner. Each command in the script is written exactly as you would enter it on the command line, so you can test each command before adding it to the script.
Here is an example of an spconfig.txt script to give you a general idea of its format:
sync netmap
path=/<work_path>/silent_install_src_dir/netmap.cfg
name=*
;
Import KeyCert
File="/<work_path>/silent_install_src_dir/keycert.txt"
Passphrase=password
Label=myLocalKeycert
ImportMode=Add
;
Import TrustedCert
File="/<work_path>/silent_install_src_dir/IBM_CA_ROOT_Cert.cer"
Label=IBM_CA_ROOT_Cert
ImportMode=Add
;
Import TrustedCert
File="/<work_path>/silent_install_src_dir/trusted.txt"
ImportMode=Add
;
Update LocalNode
Protocol=TLS1.2
SecurityMode=FIPS140-2
Override=y
AuthTimeout=120
KeyCertLabel=myLocalKeycert
EncryptData=y
ClientAuth=n
CipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA
SeaEnable=n
SeaCertValDef=null
;
Update RemoteNode
Name=myTestNode.4100
Protocol=TLS1.2
SecurityMode=FIPS140-2
Override=n
AuthTimeout=120
KeyCertLabel=myLocalKeycert
EncryptData=y
ClientAuth=n
CipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA
SeaEnable=n
SeaCertValDef=null
;
Update RemoteNode
Name=myTestNode.4200
Protocol=TLS1.2
SecurityMode=FIPS140-2
Override=n
AuthTimeout=120
KeyCertLabel=myLocalKeycert
EncryptData=y
ClientAuth=n
CipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA
SeaEnable=n
SeaCertValDef=null
;
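A pre-flight check for such a script, as an added example that is not part of the original post or of Connect:Direct: it parses the ';'-terminated command format shown above and reports parameter lines without '=', a keycert passphrase stored in clear text, and a KeyCertLabel that no Import KeyCert command in the same script supplies. The function names, the sample script and the assumption that a fresh node holds only the labels this script imports are the example's own.

```python
import re

# Constructed sample in the page's spconfig.txt format; the labels and the
# deliberately damaged last parameter line are made up for this example.
SAMPLE = """\
Import KeyCert
File="/<work_path>/silent_install_src_dir/keycert.txt"
Passphrase=password
Label=myLocalKeycert
;
Update RemoteNode
Name=myTestNode.4100
KeyCertLabel=otherKeycert
SeaEnableemoteNode
;
"""

def parse(text):
    """Return (command, params, malformed_lines) for each ';'-terminated command."""
    blocks = []
    for chunk in re.split(r"(?m)^[ \t]*;[ \t]*$", text):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        if not lines:
            continue
        params, bad = {}, []
        for line in lines[1:]:
            key, sep, value = line.partition("=")
            if sep and key.strip():
                params[key.strip().lower()] = value.strip().strip('"')
            else:
                bad.append(line)  # no key=value pair: likely a damaged line
        blocks.append((lines[0].lower(), params, bad))
    return blocks

def check(text):
    """List findings a reviewer would want resolved before the mass rollout."""
    blocks = parse(text)
    # Assumption: on a fresh node only labels imported by this script exist.
    imported = {p.get("label") for cmd, p, _ in blocks if cmd == "import keycert"}
    findings = []
    for cmd, params, bad in blocks:
        who = f"{cmd} {params.get('name', '')}".strip()
        findings += [f"{who}: malformed parameter line {ln!r}" for ln in bad]
        if "passphrase" in params:
            findings.append(f"{who}: key passphrase is in clear text in the script")
        label = params.get("keycertlabel")
        if label and label not in imported:
            findings.append(f"{who}: KeyCertLabel {label!r} is not imported here")
    return findings
```

Because spconfig.txt carries the keycert passphrase, keep the file readable only by the installing user and remove it from the work path once the install has finished.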
UID
ibm11123659