Most Popular Posts

16/08/2016

FIPS Compliance-Part II. IBMJCEFIPS not found for IBMSecureRandom

TL;DR

Add the following lines to the java.security ([java_homedir]/jre/lib/security/java.security) file:

security.provider.1=com.ibm.securerandom.provider.IBMSecureRandom
security.provider.2=com.ibm.crypto.provider.IBMJCE

Explanation of the issue:

After enabling the FIPS compliance you might encounter the following errors in the log file once you try to restart the Application server:

IBMJCEFIPS not found for IBMSecureRandom




Log details:

com.ibm.websphere.ssl.JSSEHelper.getSSLContext 704
com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl.createSSLServerSocket 459
com.ibm.ws.orbimpl.transport.WSTransport.createServerSocket 1439
com.ibm.ws.orbimpl.transport.WSTransport createServerSocket P=312105:O=0:CT ORBX0390E: Cannot create listener thread.
Exception=[ org.omg.CORBA.INTERNAL: CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET,
Exception=com.ibm.websphere.ssl.SSLException:
java.lang.RuntimeException: Provider IBMJCEFIPS not found for IBMSecureRandom
vmcid: 0x49421000 minor code: 77 completed: No - received while attempting to open server socket on port 1072 ].
com.ibm.ws.orbimpl.transport.WSTransport.startListening 805
com.ibm.ws.orbimpl.transport.WSTransport.createListener 724


The easiest way to fix it is by adding the missing IBM SecureRandom provider into the list before the IBM JCE provider inside the java.security ([java_homedir]/jre/lib/security/java.security):

security.provider.1=com.ibm.securerandom.provider.IBMSecureRandom
security.provider.2=com.ibm.crypto.provider.IBMJCE



No comments:

Post a Comment