IBM Support

The Key Management Utility bundled with IBM HTTP Server V7.0 32-bit, and the WebSphere Application Server Web server plug-in 32-bit V7.0, displays an error when creating a PKCS12 keystore file



The Java version "1.6.0" new install with IBM HTTP Server V7.0 and the Web server plug-in V7.0 contains restricted policy files.


An error message displays when performing the following steps:

  1. Start the Key Management Utility.

  2. Select Key Database File > New. For Key database type, select PKCS12 and then click OK.

  3. Enter a new password and click OK.

The following error message is displayed:

The command cannot complete because your JRE is using restricted policy files.


Restricted JCE Policy files

Resolving The Problem

To resolve the problem, select either option:

1. Rename and move the restricted JCE Policy files indicated below from the <ihsinst>/java/jre/lib/security/ directory to a directory that is outside the JDK class path, extdirs, or bootclasspath.


2. Next, place the unrestricted JCE policy files in the <ihsinst>/java/jre/lib/security/ directory. They should be named local_policy.jar and US_export_policy.jar

3. Finally, restart the ikeyman utility to pick up the unrestricted JCE policy files now located in the security directory

Very Important Note: You will be offered two options to download. See screen shot below. The correct Unrestricted JCE policy files will depend on the JAVA SR version. This can be verified, Run java -version command from the <ihsinst>/java/jre/bin directory. The output will display the Java SR version.
For example: Java 1.6..0 version with SR12

Replacing the wrong Unrestricted JCE policy files, when retry to manage a PKCS12 keystore file the ikeyman utility will fail to open.the keystore file reporting the following error.

[{"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"SSL","Platform":[{"code":"PF033","label":"Windows"}],"Version":"7.0","Edition":"","Line of Business":{"code":"","label":""}},{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"IBM HTTP Server","Platform":[{"code":"PF033","label":"Windows"}],"Version":";;;7.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018