Configuring batch reports for FIPS
About this task
To configure batch reports for FIPS compliance, perform the following steps:
- Import the FIPS certificate from the database server to a Java™ trustStore on the client. Use the Java keytool utility to import the certificate into the trustStore.
- Edit the SDK java.security file located in the INSTALL_DIR/java/jre/lib/security directory to insert the IBMJCEFIPS provider (com.ibm.crypto.fips.provider.IBMJCEFIPS). IBMJCEFIPS must precede the IBMJCE provider in the provider list. The following is an example of the edited SDK java.security file:
    security.provider.1=com.ibm.crypto.fips.provider.IBMJCEFIPS
    security.provider.2=com.ibm.crypto.provider.IBMJCE
    security.provider.3=com.ibm.jsse.IBMJSSEProvider
    security.provider.4=com.ibm.jsse2.IBMJSSEProvider2
    security.provider.5=com.ibm.security.jgss.IBMJGSSProvider
    security.provider.6=com.ibm.security.cert.IBMCertPath
    security.provider.7=com.ibm.crypto.pkcs11.provider.IBMPKCS11
    security.provider.8=com.ibm.security.cmskeystore.CMSProvider
    security.provider.9=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
The following is an example of the edited java.security file if you are using the Oracle Java SE Development Kit:
    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.ibm.crypto.fips.provider.IBMJCEFIPS
    security.provider.3=com.ibm.crypto.provider.IBMJCE
    security.provider.4=com.ibm.jsse.IBMJSSEProvider
    security.provider.5=com.ibm.jsse2.IBMJSSEProvider2
    security.provider.6=com.ibm.security.jgss.IBMJGSSProvider
    security.provider.7=com.ibm.security.cert.IBMCertPath
    security.provider.8=com.ibm.i5os.jsse.JSSEProvider
    #security.provider.8=com.ibm.crypto.pkcs11.provider.IBMPKCS11
    security.provider.9=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
- Verify that the keystore.type parameter matches the keystore type specified in the config.file. The default value is JKS.
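The provider-order and keystore.type steps above can be checked after editing with a small script. This is an added example, not part of the IBM documentation: the function names and the sample file content are constructed, and treating gaps or duplicate numbers in the provider list as errors is this example's own policy.

```shell
#!/bin/sh
# Added example: audit a java.security file after the FIPS edit.
# Usage: check_fips_order "$INSTALL_DIR/java/jre/lib/security/java.security"

# check_fips_order [FILE]   (reads stdin when FILE is omitted)
#   returns 0: IBMJCEFIPS is registered and precedes IBMJCE
#   returns 1: IBMJCEFIPS is missing, or IBMJCE comes first
#   returns 2: provider numbers have a gap or a duplicate (order is ambiguous)
check_fips_order() {
    awk -F= '
        # Only active entries count; "#security.provider.N=..." lines are comments.
        /^[ \t]*security\.provider\.[0-9]+[ \t]*=/ {
            key = $1; gsub(/[ \t]/, "", key)
            n = key; sub(/^security\.provider\./, "", n); n += 0
            cls = $2; gsub(/[ \t\r]/, "", cls)
            if (n in seen) dup = 1
            seen[n] = 1
            if (n > max) max = n
            if (cls == "com.ibm.crypto.fips.provider.IBMJCEFIPS") fips = n
            if (cls == "com.ibm.crypto.provider.IBMJCE") jce = n
        }
        END {
            for (i = 1; i <= max; i++) if (!(i in seen)) gap = 1
            if (dup || gap) exit 2
            if (!fips) exit 1
            if (jce && jce < fips) exit 1
            exit 0
        }
    ' "${1:--}"
}

# keystore_type [FILE]: print the active keystore.type value so it can be
# compared with the keystore type configured for the batch reports.
keystore_type() {
    awk -F= '/^[ \t]*keystore\.type[ \t]*=/ { v = $2; gsub(/[ \t\r]/, "", v) }
             END { print v }' "${1:--}"
}

# Constructed sample, modelled on the Oracle JDK listing (shortened).
sample_java_security() {
    cat <<'EOF'
security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.crypto.fips.provider.IBMJCEFIPS
security.provider.3=com.ibm.crypto.provider.IBMJCE
#security.provider.4=com.ibm.crypto.pkcs11.provider.IBMPKCS11
keystore.type=jks
EOF
}
```

Running `sample_java_security | check_fips_order` returns 0; a file that lists IBMJCE ahead of IBMJCEFIPS returns 1.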