Setting IBM Java Security to Use FIPS Certified Cryptographic Security Provider

You must configure the java.security file to use the FIPS-certified cryptographic security provider.

Procedure

  1. Stop the application server.
    Note: For information on starting and stopping the application server, see the end of Installing TIBCO MFT Internet Server.
  2. Navigate to the JAVA_HOME\jre\lib\security directory and open your java.security file with any available text editor.
  3. Uncomment the following value by removing the pound sign (#) from the front of the statement.
    Note: If you do not see the statement shown below in your file, you must add it to the top of the list as number 1.

    #security.provider.1=com.ibm.crypto.fips.provider.IBMJCEFIPS

  4. Renumber the other security providers so that the complete list is in number order from 1 through 11.
  5. When you finish editing the file, save your changes and exit the file.
  6. Navigate to the following directory and open the web.xml file in any available text editor.
    MFTIS_Install/server/webapps/CONTEXT_NAME/WEB-INF/
  7. Search for the SSHSecurityProvider parameter and configure it as follows:
    <context-param>
    <param-name>SSHSecurityProvider</param-name>
    <param-value>com.ibm.crypto.fips.provider.IBMJCEFIPS</param-value>
    </context-param>
  8. When you have finished, save the file.
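
The following check is an added example, not part of the TIBCO or IBM documentation: it verifies the result of steps 3, 4 and 7 by parsing the text of java.security and web.xml. The function names and the sample file contents are constructed for illustration; the sample shows step 3 done without the renumbering in step 4.

```python
import re
import xml.etree.ElementTree as ET

FIPS = "com.ibm.crypto.fips.provider.IBMJCEFIPS"
PROVIDER_LINE = re.compile(r"^\s*security\.provider\.(\d+)\s*=\s*(\S+)")

def check_java_security(text):
    """Return problems found in the active security.provider.N entries."""
    problems, providers = [], {}
    for line in text.splitlines():
        m = PROVIDER_LINE.match(line)  # lines still commented with '#' do not match
        if not m:
            continue
        num, cls = int(m.group(1)), m.group(2)
        if num in providers:
            problems.append(f"duplicate provider number {num}")
        providers[num] = cls  # as in a properties file, the later entry wins
    if providers.get(1) != FIPS:
        problems.append("security.provider.1 is not IBMJCEFIPS")
    if sorted(providers) != list(range(1, len(providers) + 1)):
        problems.append("provider numbers are not consecutive from 1")
    return problems

def check_web_xml(text):
    """Return problems with the SSHSecurityProvider context-param."""
    def local(el):  # strip any XML namespace prefix
        return el.tag.rsplit("}", 1)[-1]
    for param in ET.fromstring(text).iter():
        if local(param) != "context-param":
            continue
        fields = {local(c): (c.text or "").strip() for c in param}
        if fields.get("param-name") == "SSHSecurityProvider":
            ok = fields.get("param-value") == FIPS
            return [] if ok else ["SSHSecurityProvider is not IBMJCEFIPS"]
    return ["SSHSecurityProvider context-param not found"]

# Constructed sample: step 3 done, step 4 (renumbering) forgotten.
SAMPLE_BAD = """\
security.provider.1=com.ibm.crypto.fips.provider.IBMJCEFIPS
security.provider.1=com.ibm.jsse2.IBMJSSEProvider2
security.provider.2=com.ibm.crypto.provider.IBMJCE
"""
# Constructed sample: web.xml fragment configured as in step 7.
SAMPLE_WEB = """<web-app><context-param>
<param-name>SSHSecurityProvider</param-name>
<param-value>com.ibm.crypto.fips.provider.IBMJCEFIPS</param-value>
</context-param></web-app>"""

if __name__ == "__main__":
    print(check_java_security(SAMPLE_BAD))
    print(check_web_xml(SAMPLE_WEB))
```

An empty list from both functions means the two files match the procedure; run the check against the saved files before restarting the server.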

What to do next

Set the TIBCO MFT Internet Server environment variable, and then restart the MFT server. See Setting the TIBCO MFT Internet Server Environment Variable.