SDK Security policy files
By default, the IBM® SDK provides unlimited strength JCE jurisdiction policy files. To use the limited jurisdiction policy files, set the property crypto.policy=limited in the java.security file.
From IBM SDK, Java™ Technology Edition, Version 7 service refresh 4, there is a new set of unlimited jurisdiction policy files. Although the old policy files continue to work with all current releases, after installing IBM SDK, Java Technology Edition, Version 7 service refresh 4, you should plan to update to the new policy files before 2014. This activity is necessary ahead of the expiry of the certificates that sign these policy files. The new policy files do not work with earlier releases.
Because the current JCE code signing certificate expires in October 2018, new policy files are included with this refresh. If you are on an older level of the SDK and unable to move to the latest fix pack, note that the expiry of the certificate has no impact on operations. However, if you want to update your policy files, click on the following link to navigate to the download site: https://public.dhe.ibm.com/ibmdl/export/pub/systems/cloud/runtimes/java/security/jce_policy/
- Unlimited jurisdiction policy files
- Limited jurisdiction policy files
Specifying a different directory for the policy files
The following command runs the myApplication Java application, using unlimited jurisdiction policy files from the /mypolicyfiles/unrestricted directory, and displays the information shown after the command:
java -Dcom.ibm.security.jurisdictionPolicyDir=/mypolicyfiles/unrestricted -Djava.security.debug=ibmjcefw myApplication
export policy URL:file: /mypolicyfiles/unrestricted/US_export_policy.jar
import policy URL:file: /mypolicyfiles/unrestricted/local_policy.jar
Although policy files are now stored in the jre/lib/security/policy/limited and jre/lib/security/policy/unlimited directories, the -Dcom.ibm.security.jurisdictionPolicyDir property is retained for backward compatibility. This property takes precedence over the crypto.policy property setting in the java.security file. Therefore, you can continue to use this mechanism without making any changes to your upgrade process.
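Because two settings can select the policy files and one overrides the other, it is worth confirming which policy the JVM actually enforces. The following is an added example, not IBM code: the class name PolicyCheck and its argument are hypothetical, and it assumes the limited files apply the usual JCE caps (for example, AES at 128 bits).

```java
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import javax.crypto.Cipher;

// Added example; the class name PolicyCheck and its argument are hypothetical.
public class PolicyCheck {

    // Transformations that the standard limited policy caps (assumption: the
    // IBM limited files follow the usual JCE limits, e.g. AES at 128 bits).
    static final String[] PROBES = {"AES", "DES", "RC2"};

    // Returns "unlimited" only if no probed transformation has a key-size cap.
    static String effectivePolicy() throws NoSuchAlgorithmException {
        String result = "unlimited";
        for (String t : PROBES) {
            int max = Cipher.getMaxAllowedKeyLength(t);
            boolean capped = max != Integer.MAX_VALUE;
            System.out.printf("  %-4s max key length: %s%n", t,
                    capped ? max + " bits" : "no limit");
            if (capped) {
                result = "limited";
            }
        }
        return result;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String expected = args.length > 0 ? args[0] : "unlimited";

        // The two settings from the page; the system property takes precedence.
        System.out.println("com.ibm.security.jurisdictionPolicyDir = "
                + System.getProperty("com.ibm.security.jurisdictionPolicyDir"));
        System.out.println("crypto.policy = " + Security.getProperty("crypto.policy"));

        String effective = effectivePolicy();
        System.out.println("effective policy: " + effective + ", expected: " + expected);
        if (!effective.equals(expected)) {
            System.exit(1); // fail a deployment check when the wrong files are loaded
        }
    }
}
```

Run it with the same -D options as the application, passing limited or unlimited as the expected value; a non-zero exit status means the JVM loaded a different policy than intended.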