Configuring the IBM JRE to use FIPS 140-2 approved providers

Describes how to configure the IBM® JRE to use IBM Java™ FIPS 140-2 approved providers

1. Edit the master security properties file, java.security, to register additional cryptographic package providers:

   On Windows™:

   drive:\install-dir\Program Files\Rational\Common\java\jre\lib\security\java.security

   On the UNIX™ system and Linux™:

   install-dir/Rational/ClearQuest/common/java/jre/lib/security/java.security

2. Locate the list-of-providers section near the top of the file. This section will look similar to the following example:

   #
   # List of providers and their preference orders:
   #
   security.provider.1=com.ibm.jsse2.IBMJSSEProvider2
   security.provider.2=com.ibm.crypto.provider.IBMJCE
   security.provider.3=com.ibm.security.jgss.IBMJGSSProvider
   security.provider.4=com.ibm.security.cert.IBMCertPath
   security.provider.5=com.ibm.security.sasl.IBMSASL

3. Add the following providers to the top of the list and sequentially renumber the other providers:

   security.provider.1=com.ibm.fips.jsse.IBMJSSEFIPSProvider
   security.provider.2=com.ibm.fips.crypto.fips.provider.IBMJCEFIPS

   The updated list of security providers will look similar to the following example:

   #
   # List of providers and their preference orders:
   #
   security.provider.1=com.ibm.fips.jsse.IBMJSSEFIPSProvider
   security.provider.2=com.ibm.fips.crypto.fips.provider.IBMJCEFIPS
   security.provider.3=com.ibm.jsse2.IBMJSSEProvider2
   security.provider.4=com.ibm.crypto.provider.IBMJCE
   security.provider.5=com.ibm.security.jgss.IBMJGSSProvider
   security.provider.6=com.ibm.security.cert.IBMCertPath
   security.provider.7=com.ibm.security.sasl.IBMSASL