The Java™ Cryptography Extension (JCE) is a Java framework that is required for IBM
QRadar to decrypt advanced
cryptography algorithms for AES192 or AES256. The following information describes how to install
Oracle JCE on your QRadar
appliance.
Procedure
-
Optional: If you are using QRadar 7.2x, 7.3.0, or 7.31, complete the following steps:
- Download the latest version of the Java
Cryptography Extension from the IBM website
(https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=jcesdk).
The Java Cryptography Extension version must match the
version of the Java that is installed on QRadar.
- Extract the JCE file.
The following Java archive (JAR) files are included in the
JCE download:
- local_policy.jar
- US_export_policy.jar
- Log in to your QRadar
Console or QRadar
Event Collector as a root
user.
- Copy the JCE JAR files to the following directory on your QRadar
Console or Event Collector:
/store/configservices/staging/globalconfig/java_security
Note: The JCE JAR files are only copied to the system that receives the AES192 or AE256 encrypted
files.
- Restart the QRadar services by typing one of the following commands:
- If you are using QRadar® 7.2.x, type service
ecs-ec restart.
- If you are using QRadar 7.3.0, type
systemctl restart ecs-ec.service.
- If you are using QRadar 7.3.1, type
systemctl restart ecs-ec-ingress.service.
- Optional: If you are using QRadar 7.4.3 Fix Pack 4 or
earlier, complete the Installing unrestricted SDK JCE policy files procedure
(https://www.ibm.com/docs/en/qsip/7.4?topic=authentication-installing-unrestricted-sdk-jce-policy-files).
Important: If you are using QRadar 7.4.3 Fix Pack 5 or later,
do not install these files.