Setting IBM Java Security to Use FIPS Certified Cryptographic Security Provider

After setting your browser to use TLS, you have to set the IBM java.security file.

Procedure

  1. Stop the application server.
    Note: For information on starting and stopping the application server, see the information provided at the end of Installing TIBCO MFT Command Center.
  2. Navigate to the JAVA_HOME\jre\lib\security directory and open the java.security file.
  3. Remove the pound sign (#) from the following statement.
    #security.provider.1=com.ibm.crypto.fips.provider.IBMJCEFIPS
    Note: If you do not see the following statement in your file, you must add it to the top of the list.
  4. Reset the security provider number values for the other security providers to number they in number order from 1 through 11.
  5. Save your changes and exit the file after you finish editing the file.
  6. Navigate to the MFTCC_Install\server\webapps\CONTEXT_NAME\WEB-INF directory and open the web.xml file.
  7. Search for the SSHSecurityProvider parameter and configure it as follows: 
    <context-param>
<param-name>SSHSecurityProvider</param-name>
<param-value>com.ibm.crypto.fips.provider.IBMJCEFIPS</param-value>
</context-param>
  8. Save the file after you finish the configurations.

What to do next

Set the TIBCO MFT Command Center environment variable and restart the MFT server. See Setting the TIBCO MFT Command Center Environment Variable.