Adding the IBMJCEFIPS provider to java.security

When FIPS 140-2 compliance is enabled on the IBM® Sametime® Community Server, add the IBMJCEFIPS provider to the Java security settings.

About this task

For instructions on enabling FIPS 140-2 on the IBM Sametime Community Server, see the task Setting up TLS Configuration.

Procedure

Use a text editor to add com.ibm.crypto.fips.provider.IBMJCEFIPS to the list of providers in the java.security file by completing these steps:
  1. Navigate to the Sametime_install_root\ibm-jre\jre\lib\security directory.

    For example: IBM AIX®

    /opt/ibm/lotus/notes/latest/ibmpow/ibm-jre/jre/lib/security

    Linux

    /opt/ibm/lotus/notes/latest/linux/ibm-jre/jre/lib/security/

    Microsoft Windows

    C:\Program Files\IBM\Domino\ibm-jre\jre\lib\security

  2. Open the java.security file.
  3. In the java.security file, insert the IBMJCEFIPS provider com.ibm.crypto.fips.provider.IBMJCEFIPSbefore the IBMJCE provider. Renumber the other providers in the provider list. This abbreviated example illustrates this line added to the java.security file. Notice that the preference numbers must be in sequence:
    ## List of providers and their preference orders (see above)#
    security.provider.1=com.ibm.jsse2.IBMJSSEProvider2
    	security.provider.2=com.ibm.crypto.fips.provider.IBMJCEFIPS
    	security.provider.3=com.ibm.crypto.provider.IBMJCE
    	security.provider.4=com.ibm.security.jgss.IBMJGSSProvider
    	security.provider.5=com.ibm.security.cert.IBMCertPath
    	...
    	#
  4. Save and close the file.