A Java™ virtual machine (JVM) uses many important security properties that you set by editing the Java master security properties file.
This file, named java.security, usually resides in the /QIBM/ProdData/Java400/jdk15/lib/security
directory on your iSeries™ server.
The following list describes several relevant security properties for using JSSE. Use the descriptions as a guide for editing the java.security file.
security.provider.<integer>
The JSSE provider that you want to use. Also statically registers cryptographic provider classes. Specify the different JSSE providers exactly like the following example:
security.provider.5=com.ibm.as400.ibmonly.net.ssl.Provider security.provider.6=com.ibm.jsse.IBMJSSEProvider security.provider.7=com.ibm.fips.jsse.IBMJSSEFIPSProvider
ssl.KeyManagerFactory.algorithm
Specifies the default KeyManagerFactory algorithm. For the native iSeries JSSE provider, use the following:
ssl.KeyManagerFactory.algorithm=IbmISeriesX509For the pure Java JSSE provider, use the following:
ssl.KeyManagerFactory.algorithm=IbmX509For more information, see the javadoc for javax.net.ssl.KeyManagerFactory.
ssl.TrustManagerFactory.algorithm
Specifies the default TrustManagerFactory algorithm. For the native iSeries JSSE provider, use the following:
ssl.TrustManagerFactory.algorithm=IbmISeriesX509For the pure Java JSSE provider, use the following:
ssl.TrustManagerFactory.algorithm=IbmX509For more information, see the javadoc for javax.net.ssl.TrustManagerFactory.
ssl.SocketFactory.provider
Specifies the default SSL socket factory. For the native iSeries JSSE provider, use the following:
ssl.SocketFactory.provider=com.ibm.as400.ibmonly.net.ssl.SSLSocketFactoryImplFor the pure Java JSSE provider, use the following:
ssl.SocketFactory.provider=com.ibm.jsse.JSSESocketFactoryFor more information, see the javadoc for javax.net.ssl.SSLSocketFactory.
ssl.ServerSocketFactory.provider
Specifies the default SSL server socket factory. For the native iSeries JSSE provider, use the following:
ssl.ServerSocketFactory.provider=com.ibm.as400.ibmonly.net.ssl.SSLServerSocketFactoryImplFor the pure Java JSSE provider, use the following:
ssl.ServerSocketFactory.provider=com.ibm.jsse.JSSEServerSocketFactoryFor more information, see the javadoc for javax.net.ssl.SSLServerSocketFactory.