Question & Answer
Question
Does IBM® WebSphere® Application Server support the use of third-party (non-IBM) security providers?
Answer
IBM does not support problems resulting from the usage of third-party JSSE (Java™ Secure Socket Extension) or JCE (Java Cryptography Extension) code. IBM does not test IBM Java with third-party JSSE or JCE providers. Only the default IBM JSSE and JCE providers are supported, which are shipped with the product. IBM cannot provide support for the IBM Java runtime when third-party JCE providers are in use.
WebSphere does support the JSSE and JCE "provider framework", which means that multiple providers can be "plugged in". With this approach, a developer could "plug-in" a third-party JSSE or JCE into IBM's supported framework. However, if the component cannot be plugged into the framework, then IBM will investigate problems with the framework only.
If you are experiencing problems using a third-party provider for JSSE or JCE code, first verify that the files from the third-party provider do not contain a framework file(s). A third-party framework file (often these files have an .fw extension) will conflict with the IBM framework. If you believe that the problem you are experiencing is with the IBM framework specifically, please open a case with support, attach a test-case with specific details, and we will investigate on a "best effort" basis.
Please note that the Oracle® JCE code signing certificate used to verify third-party JCE providers in the Java runtime (including the IBM Java runtime) is periodically updated. If a third-party JCE provider is failing to load following an update to the Java runtime, make sure you are using the latest version of the JCE provider to ensure that it has been signed with the latest version of Oracle's JCE code signing certificate. The last update this certificate was made in IBM Java under this APAR: https://www.ibm.com/support/pages/apar/IJ26310
Download JSSE and JCE documentation in the IBM Documentation Center:
https://www.ibm.com/docs/en/sdk-java-technology/8?topic=security-guide
https://www.ibm.com/docs/en/sdk-java-technology/8?topic=security-guide
[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Security","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"9.0;8.5.5;8.0;7.0","Edition":"Advanced;Base;Enterprise;Network Deployment","Line of Business":{"code":"LOB45","label":"Automation"}}]
Was this topic helpful?
Document Information
Modified date:
03 October 2022
UID
swg21107270