Configuring the IBM® JRE to use FIPS 140-2 approved providers
Describes how to configure the IBM® JRE to use IBM® Java™ FIPS 140-2 approved providers
Before you begin
About this task
Procedure
- Edit the master security properties file, java.security,
to register additional cryptographic package providers:
- On Windows™:
- drive:\install-dir\Program Files\Rational\Common\java\jre\lib\security\java.security
- On the UNIX™ system and Linux™:
- install-dir/Rational/ClearQuest/common/java/jre/lib/security/java.security
- Locate the list-of-providers section near the top of the
file. This section will look similar to the following example:
# # List of providers and their preference orders: # security.provider.1=com.ibm.jsse2.IBMJSSEProvider2 security.provider.2=com.ibm.crypto.provider.IBMJCE security.provider.3=com.ibm.security.jgss.IBMJGSSProvider security.provider.4=com.ibm.security.cert.IBMCertPath security.provider.5=com.ibm.security.sasl.IBMSASL
- Add the following providers to the top of the list and
sequentially renumber the other providers:
security.provider.1=com.ibm.fips.jsse.IBMJSSEFIPSProvider security.provider.2=com.ibm.fips.crypto.fips.provider.IBMJCEFIPS
The updated list of security providers will look similar to the following example:
# # List of providers and their preference orders: # security.provider.1=com.ibm.fips.jsse.IBMJSSEFIPSProvider security.provider.2=com.ibm.fips.crypto.fips.provider.IBMJCEFIPS security.provider.3=com.ibm.jsse2.IBMJSSEProvider2 security.provider.4=com.ibm.crypto.provider.IBMJCE security.provider.5=com.ibm.security.jgss.IBMJGSSProvider security.provider.6=com.ibm.security.cert.IBMCertPath security.provider.7=com.ibm.security.sasl.IBMSASL