You need to install a Java SDK. See Hardware and Software Requirements to understand the Java requirements for Security Key Lifecycle Manager for z/OS.
It is important that you verify you have the correct version of Java installed in. Add the Java bin directory to your PATH, which can be done by using the USS export command as shown in the example. Replace the path with the location where your Java SDK was installed. Then issue the java -version command and expect to see results like shown here:
export PATH=/usr/lpp/java/J5.0/bin:$PATH java -version java version "1.5.0" Java(TM) 2 Runtime Environment, Standard Edition (build pmz31dev-20070426 (SR5)) IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 z/OS s390-31 j9vmmz3123-20070426 (JIT enabled) J9VM - 20070420_12448_bHdSMr JIT - 20070419_1806_r8 GC - 200704_19) JCL - 20070425
export PATH=/usr/lpp/java/J6.0/bin:$PATH java -version java version "1.6.0" Java(TM) SE Runtime Environment (build pmz3160sr6-20091029_01(SR6)) IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 z/OS s390-31 jvmmz3160sr6-20091028_45330 (JIT enabled, AOT enabled) J9VM - 20091028_045330 JIT - r9_20090902_1330ifx1 GC - 20090817_AA) JCL - 20090924_01
Another aspect to consider is which platforms and SDK levels your partners will use to read the tapes written from your z/OS® system. This specification ensures that the cryptographic capabilities of the reader are compatible with the SDK level that you have chosen for your z/OS Security Key Lifecycle Manager for z/OS deployment.