The Java™ Cryptography Extension (JCE) is a Java framework that is required for IBM®
QRadar® to decrypt advanced
cryptography algorithms for AES192 or AES256. The following information describes how to install
Oracle JCE on your QRadar
appliance.
Procedure
-
Optional: If you are using QRadar 7.2x, 7.3.0, or 7.31, complete the following steps:
- Download the latest version of the Java
Cryptography Extension from the IBM website
(https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=jcesdk).
The Java Cryptography Extension version must match the
version of the Java that is installed on QRadar.
- Extract the JCE file.
The following Java archive (JAR) files are included in the
JCE download:
- local_policy.jar
- US_export_policy.jar
- Log in to your QRadar
Console or QRadar
Event Collector as a root
user.
- Copy the JCE JAR files to the following directory on your QRadar
Console or Event Collector:
/store/configservices/staging/globalconfig/java_security
Note: The JCE JAR files are only copied to the system that receives the AES192 or AE256 encrypted
files.
- Restart the QRadar services by typing one of the following commands:
- If you are using QRadar 7.2.x, type service
ecs-ec restart.
- If you are using QRadar 7.3.0, type
systemctl restart ecs-ec.service.
- If you are using QRadar 7.3.1, type
systemctl restart ecs-ec-ingress.service.
- Optional: If you are using QRadar 7.4.3 Fix Pack 4 or
earlier, complete the Installing unrestricted SDK JCE policy files procedure
(https://www.ibm.com/docs/en/qsip/7.4?topic=authentication-installing-unrestricted-sdk-jce-policy-files).
Important: If you are using QRadar 7.4.3 Fix Pack 5 or later,
do not install these files.