Troubleshooting
Problem
After upgrading Secure Proxy to version 6.2.1.2, SSP CM and Engine fails to start with FIPS mode enabled.
Symptom
Exception error seen in startCM.out and start.Engine.out
Exception in thread "main" java.lang.UnsatisfiedLinkError: Failed to load library ("/tmp/bc-fips-jni_2210962048803907/libbc-probe.so") /tmp/bc-fips-jni_2210962048803907/libbc-probe.so: failed to map segment from shared object
Cause
This problem happens because Bouncy Castle FIPS jars when using hardware encryption on platforms supporting AES-NI uses JNI libraries. It copies these libraries to /tmp directory and executes them. If /tmp is mounted with noexec option it can not execute jni libraries loaded at /tmp.
Resolving The Problem
Workaround is to add the following java system property in startCM.sh and startEngine.sh when running in FIPS mode.
-Djava.io.tmpdir=<new path>
Add a new directory path that is accessible by the SSP admin userID.
Example for adding it to startCM.sh: (the variable can be placed anywhere the other variables are)
##Use this system variable to redirect /tmp directory when using FIPS mode
S=-Djava.io.tmpdir=<new path>
Add the "S" variable in 2 places in the script as shown below.
nohup "/ssp_cm_install_path/jre/bin/java" -server -Xmx${MAXHEAP} -cp ${CLASSPATH} ${l} ${K} ${F} ${G} ${H} ${I} ${M} ${N} ${O} ${P} ${B} ${S} --illegal-access=warn --add-opens java.base/java.lang=ALL-UNNAMED -Djava.security.properties=../conf/java.security.override -Dhadrian.root.dir=${DIST_DIR} com.sterlingcommerce.hadrian.Main >startCM.out &
echo "${PP}" | nohup "/ssp_cm_install_path/jre/bin/java" -server -Xmx${MAXHEAP} -cp ${CLASSPATH} ${l} ${F} ${G} ${H} ${I} ${M} ${N} ${P} ${B} ${S} --illegal-access=warn --add-opens java.base/java.lang=ALL-UNNAMED - Djava.security.properties=../conf/java.security.override -Dhadrian.root.dir=${DIST_DIR} com.sterlingcommerce.hadrian.Main >startCM.out 2>&1 &
Example for adding it to startEngine.sh: (the variable can be placed anywhere the other variables are)
##Use this system variable to redirect /tmp directory when using FIPS mode
S=-Djava.io.tmpdir=<new path>
Add the "S" variable in 2 places in the script as shown below.
nohup "/ssp_engine_install_path/jre/bin/java" -server -Xmx${MAXHEAP} -cp ${CLASSPATH} ${F} ${B} ${C} ${G} ${H} ${I} ${J} ${K} ${L} ${M} ${O} ${P} ${Q} ${Z} ${V} ${R} ${S} --illegal-access=warn --add-opens java.base/java.lang=ALL-UNNAMED --add-exports java.base/com.sun.crypto.provider=ALL-UNNAMED -Djava.security.properties=../conf/java.security.override -DvendorFile=vendor.properties -DPsPlatformFactory=com.sterlingcommerce.csp.perimeter.platform.SSPPlatformFactory -Dhadrian.root.dir=${DIST_DIR} com.sterlingcommerce.hadrian.Main >startEngine.out &
echo "${PP}" | nohup "/ssp_engine_install_path/jre/bin/java" -server -Xmx${MAXHEAP} -cp ${CLASSPATH} ${F} ${B} ${C} ${G} ${H} ${I} ${J} ${K} ${L} ${M} ${O} ${P} ${Q} ${Z} ${V} ${R} ${S} --illegal-access=warn --add-opens java.base/java.lang=ALL-UNNAMED --add-exports java.base/com.sun.crypto.provider=ALL-UNNAMED -Djava.security.properties=../conf/java.security.override -DvendorFile=vendor.properties -DPsPlatformFactory=com.sterlingcommerce.csp.perimeter.platform.SSPPlatformFactory -Dhadrian.root.dir=${DIST_DIR} com.sterlingcommerce.hadrian.Main >startEngine.out 2>&1 &
If same error is encountered when running SEAS in FIPS mode, the same workaround can be used. Add the above java system property to startSEAS.sh.
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
10 March 2026
UID
ibm17263095