This tutorial explains how to configure your Code42 server to accept SSL and single sign-on (SSO) encryption keys that exceed the Java import limits on cryptographic algorithms. To remove the limitations on encryption key length, download and install Oracle’s Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files, as outlined below.
Installing the JCE may be necessary if you are:
- Configuring SSO or SSL in your Code42 environment for the first time.
- Upgrading Java on a Code42 server on which you previously installed the JCE (because upgrading Java removes the JCE update).
SSO identity provider encryption keys
If your Code42 environment authenticates users through an SSO identity provider, such as Microsoft AD FS, whose encryption keys exceed the Java import limits on cryptographic algorithms, you may need to install the JCE to allow users to sign in.
When a user fails to sign in due to the length of the SSO identity provider's encryption key, the authority server logs the following error:
[11.25.14 07:24:19.315 ERROR jetty-web-3057 org.opensaml.xml.encryption.Decrypter ] Error decrypting the encrypted data element org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size Original Exception was java.security.InvalidKeyException: Illegal key size
- The Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files are not available for download in some countries.
- The JCE files must be installed in the Java directory on your authority server's file system. This article assumes that your authority server uses one of these Java configurations:
  - Linux: Java installed by the Code42 server install script
  - Windows: Java bundled with the Code42 server installer
- You must have administrative access to the file system of the server that hosts your authority server to install the JCE files.
- Whenever you upgrade Java, the JCE is overwritten and must be installed again.
You cannot access the file system of a managed appliance. For assistance installing the JCE files, contact your PRO Services representative.
Step 1: Identify your Java version
Determine which Oracle Java version is installed on the host server.
- On your authority server, navigate to your logs folder.
  - Linux: /var/log/proserver
    (Applies to Code42 servers installed as root on Ubuntu)
  - Windows: C:\Program Files\CrashPlan PROe Server\logs
- Open app.log in a text editor.
- The Java virtual machine version is displayed. For example:
JVM = Java(TM) SE Runtime Environment (1.7.0_80-b15, 64-bit)
Step 2: Install the Java cryptography extension
- Download the Java Cryptography Extension (JCE) that matches your Java version:
- Extract the downloaded file.
- Place the local_policy.jar and US_export_policy.jar files on your Code42 server in the appropriate directory:
  - Windows: C:\Program Files\CrashPlan PROe Server\jre\lib\security
- (Linux) Make sure the ownership and permissions for the local_policy.jar and US_export_policy.jar files match the parent directory.
- Restart the Code42 server service.
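The following is an added example, not Code42's own tooling: a small Python log check that reads the Java release from the "JVM =" line (to pick the matching JCE download) and lists the "Illegal key size" sign-in failures, so you can confirm they stop after the restart. It assumes log entries follow the two line formats quoted on this page; the function names and the INFO sample line are constructed for illustration.

```python
import re

# Constructed sample in the line formats shown on this page (not real server output);
# the INFO entry and its logger name are invented for illustration.
SAMPLE_LOG = """\
JVM = Java(TM) SE Runtime Environment (1.7.0_80-b15, 64-bit)
[11.25.14 07:24:18.002 INFO  jetty-web-3057 com.example.Login ] Sign-in attempt received
[11.25.14 07:24:19.315 ERROR jetty-web-3057 org.opensaml.xml.encryption.Decrypter ] Error decrypting the encrypted data element org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size Original Exception was java.security.InvalidKeyException: Illegal key size
"""

# "JVM = <runtime name> (<version>, <NN>-bit)"
JVM_RE = re.compile(r"JVM\s*=\s*.*?\((\d[\w.+\-]*),\s*(\d+)-bit\)")
# "[<date> <time> <LEVEL> <thread> <logger> ] <message>"
ENTRY_RE = re.compile(r"^\[(\S+ \S+)\s+(\w+)\s+(\S+)\s+(\S+)\s*\]\s*(.*)$")


def jvm_version(log_text):
    """Return (full_version, major_release, bits) from the 'JVM =' line, or None."""
    m = JVM_RE.search(log_text)
    if not m:
        return None
    full = m.group(1)
    parts = full.split(".")
    # Legacy scheme "1.7.0_80" means Java 7; the newer scheme "9.0.1" means Java 9.
    if parts[0] == "1" and len(parts) > 1:
        major = int(parts[1])
    else:
        major = int(re.match(r"\d+", parts[0]).group())
    return full, major, int(m.group(2))


def illegal_key_size_errors(log_text):
    """Return (timestamp, thread, logger) for each ERROR entry reporting 'Illegal key size'."""
    hits, current = [], None
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            # A new entry starts; only ERROR entries are candidates.
            current = (m.group(1), m.group(3), m.group(4)) if m.group(2) == "ERROR" else None
            text = m.group(5)
        else:
            text = line  # continuation line, e.g. an exception message wrapped onto its own line
        if current and "Illegal key size" in text and current not in hits:
            hits.append(current)
    return hits


if __name__ == "__main__":
    print("JVM:", jvm_version(SAMPLE_LOG))
    for ts, thread, logger in illegal_key_size_errors(SAMPLE_LOG):
        print("Illegal key size at", ts, "from", logger, "on", thread)
```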