Securing CA NSM › Communication Protocol Security › Common Communications Interface (CAICCI) › CAICCI Secure Sockets Facility (CCISSF) › Enable CCISSF

Enable CCISSF

CCISSF is disabled by default to provide “out of the box” compatibility with previous versions of CAICCI. Also, not all users will require this enhanced level of security, which comes with some performance costs.

To enable CCISSF, do one (or both) of the following:

• Set the following environment variable in the system environment:

  CAI_CCI_SECURE=[YES|NO]
  

  YES

  Specifies that all connections, unless otherwise specified in the remote daemon configuration file, will have CCISSF enabled.

  NO

  Specifies that the remote daemon will not request SSL for any connections unless they are overridden in the configuration file. However, all incoming secure connections will be accepted using a secure connection. The default is NO.

  Note: Regardless of the environment variable setting, communications to a remote CAICCI will not use CCISSF unless an entry for that remote node is present in the remote daemon configuration file on the local system.

• Override the environment variable setting in the ccirmtd.rc file by setting the following parameter to override the default behavior:

  SECURE=[YES|NO]
  

  YES

  Specifies that a connection attempt to the corresponding remote CAICCI will be required to be made in a secure manner.

  NO

  Specifies that an outgoing connection attempt will be made in a non-secure manner unless the corresponding remote CAICCI requires it.