Technote (FAQ)
Question
How can I create a key database (keyring) in FIPS mode with a stash file?
Cause
This has been identified as a product defect under APAR IV29727.
Answer
To create a key database (keyring) in FIPS mode with a stash file, IBM Java 6.0 must be installed and the following steps performed:
- Edit the java.security file in the %JAVA_HOME%/jre/lib/security directory and ensure that the appropriate Java security providers are listed, based on the operating system and whether or not Federal Information Processing Standards (FIPS) is enabled.
This means that you have to add the following lines under “List of providers and their preference orders (see above):”
security.provider.10=com.ibm.security.cmskeystore.CMSProvider
security.provider.11=com.ibm.crypto.fips.provider.IBMJCEFIPS
- Open a command prompt, change to the %JAVA_HOME%/jre/bin directory, and from there run the command:
ikeyman.exe -DDEFAULT_FIPS_MODE_PROCESSING=true
CMS now appears in the list of key database types; select CMS.
A password prompt will appear:
Enter the password and check “Stash password to file”.
Now select Personal Certificates and press the New Self-Signed button on the right:
Here, select the algorithm you want for your certificate.
As a double check that you are running in FIPS mode, verify that MD5 is not present in the drop-down list.
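The java.security edit in the first step can be checked before ikeyman is started. The script below is an added example, not IBM code: it parses the file text and reports whether the two providers are listed and reachable. It assumes the JRE reads the provider list from position 1 and stops at the first missing number, so the positions 10 and 11 shown above only work when positions 1 through 9 are all present; the sample file contents and placeholder class names are constructed.

```python
import re

# The two provider classes the technote says to add to java.security.
REQUIRED = (
    "com.ibm.security.cmskeystore.CMSProvider",
    "com.ibm.crypto.fips.provider.IBMJCEFIPS",
)
# Matches active entries only; lines commented out with '#' do not match.
PROVIDER_RE = re.compile(r"^\s*security\.provider\.(\d+)\s*[=:]\s*(\S+)")


def parse_providers(text):
    """Return {position: class name} for each active security.provider.N line."""
    providers = {}
    for line in text.splitlines():
        m = PROVIDER_RE.match(line)
        if m:
            providers[int(m.group(1))] = m.group(2)  # a later duplicate wins
    return providers


def check_providers(text):
    """Return a list of problems; an empty list means both providers load."""
    providers = parse_providers(text)
    # Assumption: the list is read from position 1 and ends at the first gap.
    last = 0
    while last + 1 in providers:
        last += 1
    problems = []
    for cls in REQUIRED:
        positions = sorted(p for p, c in providers.items() if c == cls)
        if not positions:
            problems.append("missing: " + cls)
        elif positions[0] > last:
            problems.append("unreachable at position %d: %s" % (positions[0], cls))
    return problems


# Constructed sample: positions 1-9 hold placeholder class names.
BASE = ["security.provider.%d=example.Placeholder%d" % (i, i) for i in range(1, 10)]
ADDED = ["security.provider.10=" + REQUIRED[0], "security.provider.11=" + REQUIRED[1]]
SAMPLE_OK = "\n".join(BASE + ADDED)
# Constructed failure case: position 9 commented out, so 10 and 11 are never read.
SAMPLE_GAP = "\n".join(BASE[:8] + ["#" + BASE[8]] + ADDED)

if __name__ == "__main__":
    print(check_providers(SAMPLE_OK))
    print(check_providers(SAMPLE_GAP))
```

To check a real installation, pass the contents of the java.security file to check_providers() in place of the sample text.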