Premaster RSA secret error with 4096-bit encryption in WAS ISC

Had a customer the other day that couldn’t import their SSL certificate into the WebSphere Application Server (WAS) Integrated Solutions Console (ISC) due to an “RSA premaster secret” error being shown when attempting the import. A PMR with IBM Support confirmed my suspicion that export restrictions were in play. Here is the response from IBM Support.

The premaster RSA secret error with 4096-bit encryption is usually due to the unrestricted JCE policy requirement.

Please try to install the unrestricted policy files as follows:

  • Take a backup of the existing jar files from /usr/WebSphere/AppServer/java/jre/lib/security
  • Go to the following website: http://www.ibm.com/developerworks/java/jdk/security/index.html.
    • Click Java SE 6
    • Click IBM SDK Policy files. The Unrestricted JCE Policy files for the SDK website is displayed.
    • Click Sign in and provide your IBM ID and password or register with IBM to download the files.
    • Select Unrestricted JCE Policy files for SDK for all newer versions (version 1.4.2 and higher) and click Continue.
    • View the license agreement and then click I Agree.
    • Click Download Now.
    • Install the files. Extract the file unrestricted.zip into a directory of your choice. Copy the .jar files from the extraction directory to the following directory: /usr/WebSphere/AppServer/java/jre/lib/security
    • Restart the server.
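
The backup and copy steps from the instructions above, scripted as an added example (not part of the original post or of IBM's response). The function name and the backup directory name are assumptions; both directories are passed as arguments, and the server restart is left to the operator.

```bash
#!/usr/bin/env bash
# Added example, not IBM's tooling: back up the policy jars in a JRE security
# directory, install the unrestricted ones, and roll back on a bad copy.
# Usage: install_policy_jars <extraction-dir> <jre-lib-security-dir>
# Prints the backup directory on success.
install_policy_jars() {
    local src sec backup jar name
    src=$1
    sec=$2
    if [ ! -d "$src" ] || [ ! -d "$sec" ]; then
        echo "missing directory: $src or $sec" >&2
        return 2
    fi

    # Refuse to touch anything if the extraction directory holds no jars.
    set -- "$src"/*.jar
    if [ ! -e "$1" ]; then
        echo "no .jar files found in $src" >&2
        return 3
    fi

    # Back up the existing jars first. mktemp gives every run its own directory,
    # so a second run cannot overwrite the original restricted files.
    backup=$(mktemp -d "$sec/policy-backup.XXXXXX") || return 4
    for jar in "$sec"/*.jar; do
        if [ -e "$jar" ]; then
            cp -p "$jar" "$backup/" || return 4
        fi
    done

    # Install each new jar and compare it byte-for-byte with its source.
    for jar in "$@"; do
        name=$(basename "$jar")
        if ! cp "$jar" "$sec/$name" || ! cmp -s "$jar" "$sec/$name"; then
            echo "install of $name failed, restoring $backup" >&2
            cp -p "$backup"/*.jar "$sec/" 2>/dev/null
            return 5
        fi
    done
    echo "$backup"
}
```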

6 thoughts on “Premaster RSA secret error with 4096-bit encryption in WAS ISC”

  1. I had the same problem on an IBM Domino 9.0.1 FP3 server. The error message was "RSA premaster secret error" after the certificate was upgraded to RSA 4096 with SHA-256.

    After applying the new unrestricted policy files, everything worked again.

    Thank you for this post!

    Andy Brunner

    email andy.brunner@abdata.ch
