The Java version "1.6.0" new install with IBM HTTP Server V7.0 and the Web server plug-in V7.0 contains restricted policy files.
An error message displays when performing the following steps:
- Start the Key Management Utility.
- Select Key Database File > New. For Key database type, select PKCS12 and then click OK.
- Enter a new password and click OK.
The following error message is displayed:
|The command cannot complete because your JRE is using restricted policy files.|
Restricted JCE Policy files
Resolving The Problem
To resolve the problem, select either option:
- Download and install a later Java 32-bit x86 AMD/Intel Java SDK from the WebSphere Support web site to the IBM HTTP Server java and plug-ins java folder.
- Download and install the files from the Unrestricted JCE policy files site.
After downloading the unrestricted JCE policy files, follow the instructions below to replace the restricted JCE policy files with the unrestricted JCE policy files.
1. Rename and move the restricted JCE Policy files indicated below from the <ihsinst>/java/jre/lib/security/ directory to a directory that is outside the JDK class path, extdirs, or bootclasspath.
2. Next, place the unrestricted JCE policy files in the <ihsinst>/java/jre/lib/security/ directory. They should be named local_policy.jar and US_export_policy.jar
3. Finally, restart the ikeyman utility to pick up the unrestricted JCE policy files now located in the security directory
Very Important Note: You will be offered two options to download. See screen shot below. The correct Unrestricted JCE policy files will depend on the JAVA SR version. This can be verified, Run java -version command from the <ihsinst>/java/jre/bin directory. The output will display the Java SR version.
For example: Java 1.6..0 version with SR12
Replacing the wrong Unrestricted JCE policy files, when retry to manage a PKCS12 keystore file the ikeyman utility will fail to open.the keystore file reporting the following error.
15 June 2018