How To
Summary
After you install fix pack 8.5.5.21 or 9.0.5.10, the JDK is getting upgraded to JDK 8 SR7 or JDK 7 SR11.
You downloaded and installed the unrestricted policy files at your JDK folder sometime ago.
That previous version of the unrestricted policy files is not compatible with the new JDK versions so starting the server you see error messages as the following ones:
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
at javax.crypto.b.(Unknown Source)
at java.lang.J9VMInternals.initializeImpl(Native Method)
at java.lang.J9VMInternals.initialize(J9VMInternals.java:235)
... 63 more
Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
Steps
Starting with Java 8 SR5 FP10 and Java 7 SR10 FP20, the unrestricted policy files are delivered with the JDK so you don't have to download them and install them, as you can read atTo bypass this issue, you have to use the new policy files delivered with the new JDK.
- Check there are no policy files at folder WASINSTALLROOT/AppServer/java*/jre/lib/security/. (No US_export_policy.jar and local_policy.jar files in that folder). If you see those files, you must delete them.
- Search in the WASINSTALLROOT/AppServer/java*/jre/lib/security/java.security file that property crypto.policy has not been set or if set, set to crypto.policy=unlimited
That way you use the policy files delivered with the new JDK and problem will be fixed.
- Follow the instructions at Disabling WebSphere administrative security when admin console is not accessible
- After that, you will be able to start the server and access the WebSphere admin console.
- Click Servers > Server Types, and WebSphere application servers > server_name. Then, under Server Infrastructure, click Java and process management > Process definition > Java virtual machine.
- Scroll down to generic JVM arguments and remove the com.ibm.security.jurisdictionPolicyDir property.
- If you can't find it in the generic JVM arguments, click Custom properties and check for com.ibm.security.jurisdictionPolicyDir property there. Remove it.
- Re-enable the global security in the admin console
- Restart the server
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
24 March 2022
UID
ibm16561619