Describes how to configure the IBM® JRE to use IBM Java™ FIPS 140-2 approved providers
Before you begin
To be FIPS 140-2 approved, all computers running the Rational® ClearQuest® Client must be configured to
use the IBM JRE with the IBM Java JCE
(Java Cryptographic Extension)
FIPS providers enabled. This ensures that the clients use the FIPS
140-2 certified algorithms AES 128-bit and SHA-256.
About this task
Perform the following steps to configure the computers running
the Rational ClearQuest Client to use the IBM JRE with the IBM Java JCE FIPS providers enabled.
Procedure
- Edit the master security properties file, java.security,
to register additional cryptographic package providers:
- On Windows™:
- drive:\install-dir\Program
Files\Rational\Common\java\jre\lib\security\java.security
- On the UNIX™ system and Linux™:
- install-dir/Rational/ClearQuest/common/java/jre/lib/security/java.security
- Locate the list-of-providers section near the top of the
file. This section will look similar to the following example:
#
# List of providers and their preference orders:
#
security.provider.1=com.ibm.jsse2.IBMJSSEProvider2
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.security.jgss.IBMJGSSProvider
security.provider.4=com.ibm.security.cert.IBMCertPath
security.provider.5=com.ibm.security.sasl.IBMSASL
- Add the following providers to the top of the list and
sequentially renumber the other providers:
security.provider.1=com.ibm.fips.jsse.IBMJSSEFIPSProvider
security.provider.2=com.ibm.fips.crypto.fips.provider.IBMJCEFIPS
The
updated list of security providers will look similar to the following
example:
#
# List of providers and their preference orders:
#
security.provider.1=com.ibm.fips.jsse.IBMJSSEFIPSProvider
security.provider.2=com.ibm.fips.crypto.fips.provider.IBMJCEFIPS
security.provider.3=com.ibm.jsse2.IBMJSSEProvider2
security.provider.4=com.ibm.crypto.provider.IBMJCE
security.provider.5=com.ibm.security.jgss.IBMJGSSProvider
security.provider.6=com.ibm.security.cert.IBMCertPath
security.provider.7=com.ibm.security.sasl.IBMSASL