This content has been marked as final. Show 1 reply
This is solved today.
We have an issue of IBM JDK with SHA512 cert. Sun JDK might not have this issue.
The cause of this problem were that the key size on the server size for the SHA512 certificate 4096 bits. This was too large for the IBM JDK unless using the unrestricted policy file.
When the MD5 cert is used it appears to be of 1024 bits, however when using the SHA512 the cert is of 4096 bits.
In accordance with the United States of America export restrictions, Java that is bundled with the server has limited encryption key sizes that can be used in the server operation. In order to successfully convert signed client certificates for use in the server, you have to replace the bundled encryption policy files with the unrestricted files published by IBM. This is called "Unrestricted JCE Policy files for SDK"
Procedure to get this file:
1.Go to the following website: http://www.ibm.com/developerworks/java/jdk/security/index.html.
2.Click J2SE 6.0.
3.Click IBM SDK Policy files. The Unrestricted JCE Policy files for the SDK website is displayed.
4.Click Sign in and provide your IBM ID and password or register with IBM to download the files.
5.Select Unrestricted JCE Policy files for SDK for all newer versions (version 1.4.2 and higher) and click Continue.
6.View the license agreement and then click I Agree.
7.Click Download Now.
8.Install the files:
a.Extract the file: unrestricted.zip into a directory of your choice in Windows.
b.Copy/FTP the two .jar files from the extraction directory to following directories:
--> If you are using a specific JDK version,then copy in $JAVA_HOME/jre/lib/security
--> If you are using Weblogic AS, then WAS_HOME/java/jre/lib/security
9. For the case of weblogic AS, restart the Weblogic server for this change to take effect.