In accordance with the United States of America export
restrictions, Java™ that is bundled
with the server has limited encryption key sizes that can be used
in the server operation. In order to successfully convert signed client
certificates or sign server Certificate Signing Request for use in
the server, you have to replace the bundled encryption policy files
with the unrestricted files published by IBM®.
Procedure
- Go to https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=jcesdk.
- Provide your IBM ID
and password and click Sign in. You might need
to register with IBM to download
the files.
- Select Java 5.0, Java 6 SR13, Java 6 SR5 (J9
VM2.6), Java 7 SR4, Java 8 GA, and all later releases and
then click Continue.
- View the license agreement and then select I
Agree.
- Click Download Now.
- Install the files:
- Extract the file unrestricted.zip into
a directory of your choice. The extracted files are US_export_policy.jar and local_policy.jar.
- Replace the following files with the US_export_policy.jar and local_policy.jar files:
/IBM/InformationServer/jdk/jre/lib/security/US_export_policy.jar
/IBM/InformationServer/jdk/jre/lib/security/local_policy.jar
/IBM/WebSphere/AppServer/java/jre/lib/security/US_export_policy.jar
/IBM/WebSphere/AppServer/java/jre/lib/security/local_policy.jar
Note: If you are using Windows, you must also copy the US_export_policy.jar
file and the local_policy.jar file to the directory
C:\IBM\InformationServer\jdk32\jre\lib\security.
- Verify the version of Java that your instance of WebSphere® Application Server is
using by issuing the following command:
cd /IBM/WebSphere/AppServer/bin
./managesdk.sh -listEnabledProfile -profileName InfoSphere
If
your instance of
WebSphere Application Server is
configured to use Java Development Kit 1.7, then the files in this
directory need to be replaced:
/IBM/WebSphere/AppServer/java_1.7_64/jre/lib/security/US_export_policy.jar
/IBM/WebSphere/AppServer/java_1.7_64/jre/lib/security/local_policy.jar
- Restart the server.
What to do next
After the encryption policy files are installed, you should
be able to successfully convert signed client certificates for use
in the server.