uCosminexus Application Server, Security Management Guide

[Contents][Index][Back][Next]

7.3.4 SSL-J provider setup

To use the SSL/TLS communication functionality realized by SSL-J, you need to register the SSL-J providers.

To register the providers, follow these steps:

  1. Copy the SSL-J provider files.
  2. Edit the Security property file.

Detailed information about these steps is given below.

Organization of this subsection
(1) Copying the SSL-J provider files
(2) Editing the security property file

(1) Copying the SSL-J provider files

Copy the following files from the SSL-J provider directory to the extended functionality directory:

SSL-J provider directory:
JDK-installation-path/jre/lib/sslj

Extended functionality directory:
JDK-installation-path/jre/lib/ext

(2) Editing the security property file

Register the SSL-J providers in the security property file.

Security property file:
JDK-installation-path/jre/lib/security/java.security

Use the following format for registering the SSL-J providers:

Registration format:
security.provider.priority-level=provider-class-name
  • For priority-level, specify the level of provider priority with a positive integer. Specifying a smaller number increases the priority.
  • For provider-class-name, specify the SSL-J provider class names. These should be com.rsa.jsafe.provider.JsafeJCE and com.rsa.jsse.JsseProvider.

The Security property file already contains the providers offered by Java SE 6. Specify higher priority levels for the additional SSL-J providers (com.rsa.jsafe.provider.JsafeJCE and com.rsa.jsse.JsseProvider) than for the existing providers. In addition, reduce the priority levels for the existing providers.

Below is an example of registering the SSL-J providers in the Security property file. The file contents shown in this example might differ from those before registration, depending on how the platform and update are applied, and on differences in the user environment.

Example:

Before registration
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=com.sun.security.sasl.Provider
security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.8=sun.security.smartcardio.SunPCSC
security.provider.9=sun.security.mscapi.SunMSCAPI

After registration
security.provider.1=com.rsa.jsafe.provider.JsafeJCE
security.provider.2=com.rsa.jsse.JsseProvider
security.provider.3=sun.security.provider.Sun
security.provider.4=sun.security.rsa.SunRsaSign
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.sun.crypto.provider.SunJCE
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider
security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.10=sun.security.smartcardio.SunPCSC
security.provider.11=sun.security.mscapi.SunMSCAPI

Characters in bold type indicate changes due to SSL-J provider registration. These changes have been made as follows:

  • The SSL-J provider class names (com.rsa.jsafe.provider.JsafeJCE and com.rsa.jsse.JsseProvider) have been specified for priority levels 1 and 2.
  • The priority levels for the previously registered providers have been changed to levels from 3 to 11.

[Contents][Back][Next]

[Trademarks]

All Rights Reserved. Copyright (C) 2013, Hitachi, Ltd