Configure Java Encryption
-
Extract local_policy.jar and US_export_policy.jar
from the unlimited strength policy files and copy them into the following
location(s).
Configuration              JDK Location
All installations          $JAVA_HOME/jre/lib/security
WebSphere installations    $WAS_HOME/java/jre/lib/security
-
Locate the java.security file in the
/security
directory. -
Verify that the file permissions on
the java.security file allow write access for "owner", "group", and
"other".
If they do not, change permissions on the file.
chmod 777 java.security
-
Use a text editor to open the java.security
file. Add the following line.
security.provider.ProviderNumber=org.bouncycastle.jce.provider.BouncyCastleProvider
where ProviderNumber is the number that reflects the position where the line appears in the file.
You must change the ProviderNumber for each security.provider that appears after the Bouncy Castle line.
-
For Oracle JDK, the security.provider line for Bouncy Castle must come AFTER the sun.security.provider.Sun line.
Oracle JDK Example
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
security.provider.7=com.sun.security.sasl.Provider
-
For IBM JDK, the security.provider line for Bouncy Castle must come AFTER the com.ibm.crypto.provider.IBMJCE line.
IBM JDK Example
security.provider.1=com.ibm.crypto.provider.IBMJCE
security.provider.2=com.ibm.jsse.IBMJSSEProvider
security.provider.3=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.4=com.ibm.jsse2.IBMJSSEProvider2
security.provider.5=com.ibm.security.jgss.IBMJGSSProvider
security.provider.6=com.ibm.security.cert.IBMCertPath
security.provider.7=com.ibm.crypto.pkcs11.provider.IBMPKCS11
security.provider.8=com.ibm.security.cmskeystore.CMSProvider
security.provider.9=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
-
-
Change file permissions on the
java.security file to read/execute access for "owner", "group", and
"other".
chmod 555 java.security
-
Repeat these steps for all JDKs used by your system,
including the java.security files for JDKs on machines running applications
that connect to Lawson using the Distributed Single Sign-on solution
(DSSO). (This includes the JDKs embedded in the application server.)
-
The java.security file for the WebSphere JDK, located in:
-
The java.security files for JDKs on machines running applications that connect to Lawson using the Distributed Single Sign-on Solution (DSSO).
Now you are ready to verify the encryption algorithms.
-
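The Python script below is an added example, not part of the original procedure or of the vendor's tooling. It checks a java.security file after the edits described above: provider numbers are unique and have no gaps, the Bouncy Castle line comes after the Sun or IBMJCE provider, and the file is no longer writable by "group" or "other". The function names and the sample provider list are constructed for illustration.

```python
import os
import re
import sys

BC = "org.bouncycastle.jce.provider.BouncyCastleProvider"
ANCHORS = ("sun.security.provider.Sun", "com.ibm.crypto.provider.IBMJCE")  # BC must follow one
ENTRY = re.compile(r"^\s*security\.provider\.(\d+)\s*=\s*(\S+)")
# Constructed sample: Bouncy Castle was inserted as 3 but SunJCE was not renumbered.
SAMPLE = """\
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.3=com.sun.crypto.provider.SunJCE
"""


def check_providers(text):
    """Return the problems found in the security.provider.N lines of java.security text."""
    matches = (ENTRY.match(line) for line in text.splitlines())  # '#' comments never match
    entries = [(int(m.group(1)), m.group(2)) for m in matches if m]
    numbers = [n for n, _ in entries]
    problems = []
    dupes = sorted({n for n in numbers if numbers.count(n) > 1})
    if dupes:  # properties file: a repeated key silently replaces the earlier provider
        problems.append(f"duplicate provider numbers: {dupes}")
    gaps = sorted(set(range(1, max(numbers, default=0) + 1)) - set(numbers))
    if gaps:  # OpenJDK reads security.provider.1, 2, ... and stops at the first gap
        problems.append(f"missing provider numbers: {gaps}")
    position = {name: n for n, name in entries}
    anchor = next((a for a in ANCHORS if a in position), None)
    if BC not in position:
        problems.append("Bouncy Castle provider is not listed")
    elif anchor is None:
        problems.append("neither the Sun nor the IBMJCE provider is listed")
    elif position[BC] < position[anchor]:
        problems.append(f"Bouncy Castle (#{position[BC]}) is listed before {anchor}")
    return problems


def check_mode(path):
    """Flag a java.security file that group or other can still write (expected: 555)."""
    mode = os.stat(path).st_mode & 0o777
    return [f"mode {mode:o} is writable by group/other"] if mode & 0o022 else []


if __name__ == "__main__":  # usage: python3 <this script> /path/to/java.security ...
    for path in sys.argv[1:]:
        with open(path) as fh:
            for problem in check_providers(fh.read()) + check_mode(path):
                print(f"{path}: {problem}")
```

Run it against every java.security file the procedure touched; a file that prints nothing passed all checks.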