When FIPS 140-2 compliance is enabled on the IBM® Sametime® Community
Server, add the IBMJCEFIPS provider to the Java™ security settings.
About this task
For instructions on enabling FIPS 140-2 on the IBM Sametime Community
Server, see the task Setting up TLS Configuration.
Procedure
Use a text editor to add com.ibm.crypto.fips.provider.IBMJCEFIPS to
the list of providers in the java.security file
by completing these steps:
- Navigate to the Sametime_install_root\ibm-jre\jre\lib\security directory.
For example: IBM
AIX®
/opt/ibm/lotus/notes/latest/ibmpow/ibm-jre/jre/lib/security
Linux™
/opt/ibm/lotus/notes/latest/linux/ibm-jre/jre/lib/security/
Microsoft™ Windows™
C:\Program Files\IBM\Domino\ibm-jre\jre\lib\security
- Open the java.security file.
- In the java.security file, insert
the IBMJCEFIPS provider com.ibm.crypto.fips.provider.IBMJCEFIPSbefore
the IBMJCE provider. Renumber the other providers in the provider
list. This abbreviated example illustrates this line added to the java.security file.
Notice that the preference numbers must be in sequence:
## List of providers and their preference orders (see above)#
security.provider.1=com.ibm.jsse2.IBMJSSEProvider2
security.provider.2=com.ibm.crypto.fips.provider.IBMJCEFIPS
security.provider.3=com.ibm.crypto.provider.IBMJCE
security.provider.4=com.ibm.security.jgss.IBMJGSSProvider
security.provider.5=com.ibm.security.cert.IBMCertPath
...
#
- Save and close the file.