Updating the Java SDK policy files

AppScan® Enterprise provides Java SDK 7.0 that contains strong but limited jurisdiction policy files. Some key formats (such as PKCS #12) that are provided by a Certificate Authority (CA) might be protected with algorithms that are not provided with the limited policy files in Java SDK 7.0. Before you replace self-signed certificates with CA-issued certificates, update your Java SDK policy files.

About this task

The unrestricted JCE policy files that are provided in the policy file update can ensure that you have the correct algorithms for CA-issued certificates.


  1. Use a browser to go to http://www.ibm.com/developerworks/java/jdk/security/index.html.
  2. Click Java SE 7.
  3. On the website that launches, click IBM® SDK Policy files in the table of contents and then ibm.com® on the page that opens in the content pane.
  4. On the website, enter your HCL®.com ID and password.
  5. Select Files for Java 5.0 SR16, Java 6 SR13, Java 6 SR5 (J9 VM2.6), Java 7 SR4, and all later releases and click Continue.
  6. View the license, check I agree, and click I confirm.
  7. Click Download now.
  8. Extract the unlimited jurisdiction policy files that are packaged in a compressed file. The compressed file contains a US_export_policy.jar file and a local_policy.jar file.
  9. On the server where AppScan® Enterprise is installed, back up the following files:
    • US_export_policy.jar
    • local_policy.jar
    Note: These files are installed in the following directory by default: <installdir>/AppScan Enterprise/Liberty/jre/lib/security/.
  10. Replace the US_export_policy.jar and local_policy.jar files with the updated files from the compressed file that you downloaded.