Had a customer the other day that couldn’t import their SSL certificate into the WebSphere Application Server (WAS) Integrated Solutions Console (ISC) due to a “RSA premaster secret” error being shown when attempting the import. A PMR with IBM Support confirmed my suspicion that export restrictions was in play. Here is the response from IBM Support.
The premaster RSA secret error with 4096-bit encryption is usually due to the unrestricted JCE policy requirement.
Please, try to install the unrestricted policy files as follow:
- Take existing jar file backup from /usr/WebSphere/AppServer/java/jre/lib/security
- Go to the following website: http://www.ibm.com/developerworks/java/jdk/security/index.html.
- Click Java SE 6
- Click IBM SDK Policy files. The Unrestricted JCE Policy files for the SDK website is displayed.
- Click Sign in and provide your IBM ID and password or register with IBM to download the files.
- Select Unrestricted JCE Policy files for SDK for all newer versions (version 1.4.2 and higher) and click Continue.
- View the license agreement and then click I Agree.
- Click Download Now.
- Install the files. Extract the file: unrestricted.zip into a directory of your choice. Copy the .jar files from the extraction directory to following
- Restart the server.