Table of Contents
Advertisement
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
460
Application Programming Guide and Reference for Java
For example, suppose that the server certificate is stored in a file named
jcc.cacert. Issue the following keytool utility statement to read the certificate
from file jcc.cacert, and store it in a truststore named cacerts.
keytool -import -file jcc.cacert -keystore cacerts
2. Configure the Java Runtime Environment for the Java security providers by
adding entries to the java.security file.
The format of a security provider entry is:
security.provider.n=provider-package-name
A provider with a lower value of n takes precedence over a provider with a
higher value of n.
The Java security provider entries that you add depend on whether you use the
IBM JSSE provider or the Sun JSSE provider.
v If you use the Sun JSSE provider, add entries for the Sun security providers
to your java.security file.
v If you use the IBM JSSE provider, use one of the following methods:
– Use the IBMJSSE2 provider (supported for the IBM SDK for Java 1.4.2
and later):
Recommendation: Use the IBMJSSE2 provider, and use it in FIPS mode.
- If you do not need to operate in FIPS-compliant mode:
v For the IBM SDK for Java 1.4.2, add an entry for the
IBMJSSE2Provider to the java.security file. Ensure that an entry for the
IBMJCE provider is in the java.security file. The java.security file that
is shipped with the IBM SDK for Java contains an entry for entries
for IBMJCE.
v For later versions of the IBM SDK for Java, ensure that entries for the
IBMJSSE2Provider and the IBMJCE provider are in the java.security
file. The java.security file that is shipped with the IBM SDK for Java
contains entries for those providers.
- If you need to operate in FIPS-compliant mode:
v Add an entry for the IBMJCEFIPS provider to your java.security file
before the entry for the IBMJCE provider. Do not remove the entry for
the IBMJCE provider.
v Enable FIPS mode in the IBMJSSE2 provider. See step 3 on page 461.
– Use the IBMJSSE provider (supported for the IBM SDK for Java 1.4.2
only):
- If you do not need to operate in FIPS-compliant mode, ensure that
entries for the IBMJSSEProvider and the IBMJCE provider are in the
java.security file. The java.security file that is shipped with the IBM
SDK for Java contains entries for those providers.
- If you need to operate in FIPS-compliant mode, add entries for the
FIPS-approved provider IBMJSSEFIPSProvider and the IBMJCEFIPS
provider to your java.security file, before the entry for the IBMJCE
provider.
Restriction: If you use the IBMJSSE provider on the Solaris operating
system, you need to include an entry for the SunJSSE provider before entries
for the IBMJCE, IBMJCEFIPS, IBMJSSE, or IBMJSSE2 providers.
Example: Use a java.security file similar to this one if you need to run in
FIPS-compliant mode, and you enable FIPS mode in the IBMJSSE2 provider:
™
- Quick Links:
- Table of Contents
Hide quick links:
Advertisement
Table of Contents
