Issues with SHA-2 certificate on WebSphere 6.0

Hello,

I couldn't make WAS 6.0 read my SHA-2 certificate.
WAS is configured with the "global security" option. I imported the certificate into the "DummyTrustFile" of the cell and node using the jdk1.5 keytool, because with the native keytool it's not possible; the algorithm is not recognized. I also put the certificate in "cacerts", but no chance of having WAS recognize it.
I've added the "gnu-crypto" jars and made changes to java.security, but no chance.
I've tested on a separate jdk1.4.08 and it works fine and quickly by importing the certificate using a recent keytool, and the program works.

Any help, please, to configure this on WAS 6.0?

Rachid,
brachid Asked:

btan (Exec Consultant) Commented:
WAS 8.5.0.x supports SHA-2 already and latest. WAS 6.0 is outdated and not supported any longer. Do reconsider going into depth for troubleshooting, as eventually the upgrade is worth the effort instead. The list of ciphers to be supported is not only SHA-2, e.g. support for TLS1.2. WAS (if you are into the hardening aspect) should consider compliance with SP800-131, for which IBM has the strict mode - only the SHA-2 family (e.g. on the deployment manager, update the SSL protocol to require TLSv1.2 to be compliant with SP800-131). For TLS1.2 support by IBM:
Delivered in Java Cryptography Extension (JCE) and Java Secure Socket Extension (JSSE) parts of the IBM SDK.
– IBM JDK 6.0 SR10
– IBM JDK 6.26 SR1
– IBM JDK 7.0 SR1
https://www-01.ibm.com/support/knowledgecenter/#!/SSYMRC_5.0.0/com.ibm.jazz.install.doc/topics/c_support_nist_sp800-131.html
Web Services security runtime is updated to include the
support to use SHA-2 signature algorithms (such as RSA-SHA256,
HMAC-SHA256, RSA-SHA512, HMAC-SHA512 etc..) to produce digital
signatures while securing web services application messages.

The fix for this APAR is currently targeted for inclusion in
fix pack 7.0.0.25 and 8.0.0.4 and 8.5.0.1.
http://www-01.ibm.com/support/docview.wss?uid=swg1PM62842
Sharing in highlighting SHA-2 support - https://www-304.ibm.com/support/knowledgecenter/#!/websphere_iea/com.ibm.iea.was_v8/was/8.0.0.4/Security/WAS8004_Support_SHA_Algorithms/player.html

btan (Exec Consultant) Commented:
I also noticed that there is a past issue: the SHA-256 algorithm is provided by the IBMJCE provider in the IBM JDK, which is not included in the temporary security providers list used during JAR verification. The defect is fixed in 6.0.0 SR12 and 6.0.1 SR4.

[IV25042] Error Message: Command "jarsigner -verify <JAR signed using SHA-256>" will give "jar is unsigned" message.
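
The thread turns on whether the JVM that WAS runs on has a security provider offering SHA-2 signature algorithms. The following is an added example, not code from the thread or from IBM: a small diagnostic that lists the registered providers, reports which one (if any) serves each SHA-2 RSA signature algorithm, and checks the algorithm of a given certificate. The class name `Sha2Check` and the certificate path argument are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added diagnostic, not from the thread. Sha2Check is a hypothetical class name.
// Run with the java binary of the JVM under test: java Sha2Check <certificate file>
// Written without generics or for-each so it also compiles on pre-5.0 JDKs.
public class Sha2Check {
    // Name of the first registered provider offering this Signature algorithm, or null.
    static String signatureProvider(String alg) {
        try {
            return Signature.getInstance(alg).getProvider().getName();
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        Provider[] providers = Security.getProviders(); // order follows java.security
        for (int i = 0; i < providers.length; i++) {
            System.out.println("security.provider." + (i + 1) + " = " + providers[i].getName());
        }
        String[] sigs = { "SHA256withRSA", "SHA384withRSA", "SHA512withRSA" };
        for (int i = 0; i < sigs.length; i++) {
            System.out.println(sigs[i] + ": " + signatureProvider(sigs[i]));
        }
        if (args.length == 0) return; // no certificate given: provider report only
        InputStream in = new FileInputStream(args[0]);
        try {
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            String alg = cert.getSigAlgName();
            System.out.println("certificate signed with " + alg + " (OID " + cert.getSigAlgOID() + ")");
            System.out.println("algorithm available in this JVM: " + (signatureProvider(alg) != null));
        } finally {
            in.close();
        }
    }
}
```

A `null` next to an algorithm means no registered provider in that JVM offers it, so a certificate signed with that algorithm cannot be verified there regardless of which keystore it was imported into.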