Downloading and installing the unrestricted JCE policy files

In accordance with the United States of America export restrictions, Java™ that is bundled with the server has limited encryption key sizes that can be used in the server operation. In order to successfully convert signed client certificates or sign server Certificate Signing Request for use in the server, you have to replace the bundled encryption policy files with the unrestricted files published by IBM®.

Procedure

  1. Go to https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=jcesdk.
  2. Provide your IBM ID and password and click Sign in. You might need to register with IBM to download the files.
  3. Select Java 5.0, Java 6 SR13, Java 6 SR5 (J9 VM2.6), Java 7 SR4, Java 8 GA, and all later releases and then click Continue.
  4. View the license agreement and then select I Agree.
  5. Click Download Now.
  6. Install the files:
    1. Extract the file unrestricted.zip into a directory of your choice. The extracted files are US_export_policy.jar and local_policy.jar.
    2. Replace the following files with the US_export_policy.jar and local_policy.jar files:
      /IBM/InformationServer/jdk/jre/lib/security/US_export_policy.jar
      /IBM/InformationServer/jdk/jre/lib/security/local_policy.jar
      /IBM/WebSphere/AppServer/java/jre/lib/security/US_export_policy.jar
      /IBM/WebSphere/AppServer/java/jre/lib/security/local_policy.jar
      Note: If you are using Windows, you must also copy the US_export_policy.jar file and the local_policy.jar file to the directory C:\IBM\InformationServer\jdk32\jre\lib\security.
    3. Verify the version of Java that your instance of WebSphere® Application Server is using by issuing the following command:
      cd /IBM/WebSphere/AppServer/bin
      ./managesdk.sh -listEnabledProfile -profileName InfoSphere
      If your instance of WebSphere Application Server is configured to use Java Development Kit 1.7, then the files in this directory need to be replaced:

      /IBM/WebSphere/AppServer/java_1.7_64/jre/lib/security/US_export_policy.jar

      /IBM/WebSphere/AppServer/java_1.7_64/jre/lib/security/local_policy.jar

  7. Restart the server.

What to do next

After the encryption policy files are installed, you should be able to successfully convert signed client certificates for use in the server.