Setting IBM Java Security to Use FIPS Certified Cryptographic Security Provider

After setting your browser to use TLS, you have to set the IBM java.security file.

    Procedure
  1. Stop the application server.
    Note: For information on starting and stopping the application server, see the information provided at the end of Installing TIBCO MFT Internet Server.
  2. Navigate to the JAVA_HOME\jre\lib\security directory and open the java.security file.
  3. Remove the pound sign (#) from the following statement.
    #security.provider.1=com.ibm.crypto.fips.provider.IBMJCEFIPS

    Note: If you do not see the following statement in your file, you must add it to the top of the list.

  4. Reset the security provider number values for the other security providers to number them in number order from 1 through 11.
  5. Save your changes and exit the file after you finish editing the file.
  6. Navigate to the MFTIS _Install\server\webapps\CONTEXT_NAME\WEB-INF directory and open the web.xml file.
  7. Search for the SSHSecurityProvider parameter and configure it as follows: 
    <context-param>
<param-name>SSHSecurityProvider</param-name>
<param-value>com.ibm.crypto.fips.provider.IBMJCEFIPS</param-value>
</context-param>
  8. Save the file after you finish the configurations.
What to do next

Set the TIBCO MFT Internet Server environment variable and restart the MFT server. See Setting the TIBCO MFT Internet Server Environment Variable.