Blog Archive

iSeries Java Https URL Connection using Java Secure Socket Extension (JSSE)

How to use Sun Microsystems JSSE provider on iSeries(AS400) for Java HttpsURLConnection?

Issue: package com.sun.net.ssl.internal.ssl does not exist
You need jsse.jar in your project classpath. Also you need to modify the java.security property file with the following settings mentioned below.

A Java™ virtual machine (JVM) uses many important security properties that you set by editing the Java master security properties file. This file, named java.security, usually resides in the /QIBM/ProdData/Java400/jdk6/lib/security directory on your server.
security.provider.1=com.sun.net.ssl.internal.ssl.Provider 
ssl.KeyManagerFactory.algorithm=SunX509      
ssl.TrustManagerFactory.algorithm=SunX509    
ssl.SocketFactory.provider=com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl               
ssl.ServerSocketFactory.provider=com.sun.net.ssl.internal.ssl.SSLServerSocketFactoryImpl

TIP: In iSeries V7R1 the JAVA_HOME is /QOpenSys/QIBM/ProdData/JavaVM/.........

The following list describes several relevant security properties for using JSSE. Use the descriptions as a guide for editing the java.security file.
security.provider.<integer>
The JSSE provider that you want to use. Also statically registers cryptographic provider classes. Specify the different JSSE providers exactly like the following example:
security.provider.5=com.ibm.i5os.jsse.JSSEProvider
security.provider.6=com.ibm.jsse2.IBMJSSEProvider2
security.provider.7=com.sun.net.ssl.internal.ssl.Provider
ssl.KeyManagerFactory.algorithm
Specifies the default KeyManagerFactory algorithm. For the native System i5® JSSE provider, use the following:
ssl.KeyManagerFactory.algorithm=IbmISeriesX509 
For the IBM® pure Java JSSE provider, use the following:
ssl.KeyManagerFactory.algorithm=IbmX509 
For the Sun Microsystems, Inc. pure Java JSSE provider, use the following:
ssl.KeyManagerFactory.algorithm=SunX509
For more information, see the Javadoc for javax.net.ssl.KeyManagerFactory.
ssl.TrustManagerFactory.algorithm
Specifies the default TrustManagerFactory algorithm. For the native System i5 JSSE provider, use the following:
ssl.TrustManagerFactory.algorithm=IbmISeriesX509 
For the IBM pure Java JSSE provider, use the following:
ssl.TrustManagerFactory.algorithm=IbmX509 
For the Sun Microsystems, Inc. pure Java JSSE provider, use the following:
ssl.TrustManagerFactory.algorithm=SunX509

ssl.SocketFactory.provider
Specifies the default SSL socket factory. For the native System i5 JSSE provider, use the following:
ssl.SocketFactory.provider=com.ibm.i5os.jsse.JSSESocketFactory 
For the IBM pure Java JSSE provider, use the following:
ssl.SocketFactory.provider=com.ibm.jsse2.SSLSocketFactoryImpl 
For the Sun Microsystems, Inc. pure Java JSSE provider, use the following:
ssl.SocketFactory.provider=com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl 

ssl.ServerSocketFactory.provider
Specifies the default SSL server socket factory. For the native System i5 JSSE provider, use the following:
ssl.ServerSocketFactory.provider=com.ibm.i5os.jsse.JSSEServerSocketFactory 
For the pure Java JSSE provider, use the following:
ssl.ServerSocketFactory.provider=com.ibm.jsse2.SSLServerSocketFactoryImpl
For the Sun Microsystems, Inc. pure Java JSSE provider, use the following:
ssl.ServerSocketFactory.provider=com.sun.net.ssl.internal.ssl.SSLServerSocketFactoryImpl