Use this topic to configure Federal Information Processing Standard Java Secure Socket Extension files.
WebSphere
Application Server automatically defaults to the IBMJSSE2 provider
(with the IBMJCEFIPS provider) for supporting FIPS. When enabling
the Use the United States Federal Information Processing Standard
(FIPS) algorithms option on the server SSL certificate and key
management panel, the runtime always uses IBMJSSE2, despite the contextProvider
that you specify for SSL (IBMJSSE or IBMJSSE2).
Also, because FIPS requires the SSL protocol be TLS, the runtime always
uses TLS when FIPS is enabled, regardless of the SSL protocol setting
in the SSL repertoire. This simplifies the FIPS configuration in Version 6.1 because an administrator
needs to enable only the Use the United States Federal Information
Processing Standard (FIPS) algorithms option on the server SSL
certificate and key management panel to enable all transports using
SSL.
ADMU3007E: Exception com.ibm.websphere.management.exception.ConnectorExceptionUncomment the following entry in the java.security file if it was previously removed or commented out, then restart the server:
security.provider.2=com.ibm.crypto.provider.IBMJCEThe java.security file is located in the WAS_HOME/java/jre/lib/security directory.
#security.provider.1=com.ibm.crypto.fips.provider.IBMJCEFIPS security.provider.1=com.ibm.crypto.provider.IBMJCE security.provider.2=com.ibm.jsse.IBMJSSEProvider security.provider.3=com.ibm.jsse2.IBMJSSEProvider2 security.provider.4=com.ibm.security.jgss.IBMJGSSProvider security.provider.5=com.ibm.security.cert.IBMCertPath #security.provider.6=com.ibm.crypto.pkcs11.provider.IBMPKCS11
security.provider.1=sun.security.provider.Sun security.provider.2=com.ibm.security.jgss.IBMJGSSProvider security.provider.3=com.ibm.crypto.fips.provider.IBMJCEFIPS security.provider.4=com.ibm.crypto.provider.IBMJCE security.provider.5=com.ibm.jsse.IBMJSSEProvider security.provider.6=com.ibm.jsse2.IBMJSSEProvider2 security.provider.7=com.ibm.security.cert.IBMCertPath #security.provider.8=com.ibm.crypto.pkcs11.provider.IBMPKCS11
security.provider.1=sun.security.provider.Sun #security.provider.2=com.ibm.crypto.provider.IBMJCEFIPS security.provider.2=com.ibm.crypto.provider.IBMJCE security.provider.3=com.ibm.jsse.IBMJSSEProvider security.provider.4=com.ibm.jsse2.IBMJSSEProvider2 security.provider.5=com.ibm.security.jgss.IBMJGSSProvider security.provider.6=com.ibm.security.cert.IBMCertPath security.provider.7=com.ibm.i5os.jsse.JSSEProvider #security.provider.8=com.ibm.crypto.pkcs11.provider.IBMPKCS11 security.provider.8=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
In this information ...Related reference
| IBM Redbooks, demos, education, and more(Index) |