<< R.I.P. Tim | Home | Social Connections VI Prague - An introduction to IBM Connections as an appdev platform >>

Premaster RSA secret error with 4096-bit encryption in WAS ISC

Had a customer the other day that couldn't import their SSL certificate into the WebSphere Application Server (WAS) Integrated Solutions Console (ISC) due to a "RSA premaster secret" error being shown when attempting the import. A PMR with IBM Support confirmed my suspicion that export restrictions was in play. Here is the response from IBM Support.

The premaster RSA secret error with 4096-bit encryption is usually due to the unrestricted JCE policy requirement.
Please, try to install the unrestricted policy files as follow:

  • Take existing jar file backup from /usr/WebSphere/AppServer/java/jre/lib/security
  • Go to the following website: http://www.ibm.com/developerworks/java/jdk/security/index.html.
    • Click Java SE 6
    • Click IBM SDK Policy files. The Unrestricted JCE Policy files for the SDK website is displayed.
    • Click Sign in and provide your IBM ID and password or register with IBM to download the files.
    • Select Unrestricted JCE Policy files for SDK for all newer versions (version 1.4.2 and higher) and click Continue.
    • View the license agreement and then click I Agree.
    • Click Download Now.
    • Install the files. Extract the file: unrestricted.zip into a directory of your choice. Copy the .jar files from the extraction directory to following directoriy: /usr/WebSphere/AppServer/java/jre/lib/security
    • Restart the server.

Tags : , ,


Avatar: Anonymous

Re: Premaster RSA secret error with 4096-bit encryption in WAS ISC

 Thanks for your pst. It really helped me resolve the problem I was battling for entiore day. Thanks

Re: Premaster RSA secret error with 4096-bit encryption in WAS ISC

 Thank you for your post. I helped solve a IBM Connections mail error that has been bugging me for days. Cheers

Avatar: Anonymous

Re: Premaster RSA secret error with 4096-bit encryption in WAS ISC

I had the same problem on an IBM Domino 9.0.1 FP3 server. The error message was "RSA premaster secret error" after the certificate was upgraded to RSA 4096 with SHA-256.

After applying the new unrestricted policy files, everything worked again.

Thank you for this post!

Andy Brunner

email andy.brunner@abdata.ch

Avatar: Anonymous

Re: Premaster RSA secret error with 4096-bit encryption in WAS ISC

I had the following issue as well after the certificate was upgraded to RSA 4096 with SHA-256. Thanks for the solution.

Avatar: Michael Urspringer

Re: Premaster RSA secret error with 4096-bit encryption in WAS ISC

 Thanks, helped me today as well ;-)

Re: Premaster RSA secret error with 4096-bit encryption in WAS ISC

Thanks for this post. I had the same issue with  third party service provider. 


Add a comment Send a TrackBack