This tutorial explains how to configure your enterprise server to accept SSL and single sign-on (SSO) encryption keys that exceed the Java import limits on cryptographic algorithms. To remove the limitations on encryption key length, download and install Oracle’s Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files, as outlined below.
Installing the JCE may be necessary if you are:
- Configuring SSO or SSL in your Code42 environment for the first time.
- Upgrading Java on an enterprise server on which you previously installed the JCE (because upgrading Java removes the JCE update).
SSO identity provider encryption keys
If your Code42 environment is configured to authenticate users with an SSO identity provider that uses encryption keys that exceed the Java import limits on cryptographic algorithms, such as Microsoft AD FS, you may need to install the JCE to allow users to sign in.
When a user fails to sign in due to the length of the SSO identity provider's encryption key, the master server logs the following error:
[11.25.14 07:24:19.315 ERROR jetty-web-3057 org.opensaml.xml.encryption.Decrypter ] Error decrypting the encrypted data element org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size Original Exception was java.security.InvalidKeyException: Illegal key size
- The Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files are not available for download in some countries.
- The JCE files must be installed in the Java directory on your master server's file system. This article assumes that your master server uses one of these Java configurations:
- Linux: Java installed by the enterprise server install script
- Windows: Java bundled with the enterprise server installer
- OS X: Oracle JDK
- You must have administrative access to the file system of the server that hosts your master server to install the JCE files.
- Whenever you upgrade Java, the JCE is overwritten and must be installed again.
You cannot access the file system of a managed appliance. For assistance installing the JCE files, contact your PRO Services representative.
Step 1: Identify your Java version
Determine which Oracle Java version is installed on the host server.
- On your master server, navigate to your logs folder.
- Linux: /var/log/proserver
Applies to enterprise servers installed as root on Ubuntu
- Windows: C:\Program Files\CrashPlan PROe Server\logs
- OS X: /Library/Logs/PROServer
- Linux: /var/log/proserver
- Open app.log in a text editor.
- The Java virtual machine version is displayed. For example:
JVM = Java(TM) SE Runtime Environment (1.7.0_80-b15, 64-bit)
Step 2: Install Java cryptography extension
- Download the Java Cryptography Extension (JCE) that matches your Oracle Java version:
- Extract the downloaded file.
- Place the local_policy.jar and US_export_policy.jar files on your enterprise server in the appropriate directory:
C:\Program Files\CrashPlan PROe Server\jre\lib\security
- OS X:
[vn]with the Java version installed on the OS X host server.
- (Linux and OS X) Make sure the ownership and permissions for the local_policy.jar and US_export_policy.jar files match the parent directory.
- Restart the enterprise server service.