Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Installing the Unrestricted Java Cryptography Extension

 

The Java Cryptography Extension (JCE) is a Java framework that is required to decrypt advanced cryptography algorithms for AES 192-bit or AES 256-bit SNMPv3 traps.

Each managed host that receives SNMPv3 high-level traps requires the unrestricted JCE. If you require advanced cryptography algorithms for SNMP communication, you must update the existing cryptography extension on your managed host with an unrestricted JCE.

  1. Using SSH, log in to your JSA Console.
  2. To verify the version of Java on the Console, type the following command:

    java -version.

    The JCE file must match the version of the Java installed on the Console.

  3. Download the latest version of the Java Cryptography Extension from the Juniper website.
  4. Secure copy (SCP) the local.policy.jar and US_export_policy.jar file to the following directory of the Console:

    /opt/ibm/java-[version]/jre/lib/security/.

  5. Optional. Distributed deployments require administrators to copy the local.policy.jar and US_export_policy.jar files from the Console appliance to the managed host.

You are now ready to create a scan schedule. See Scheduling a Vulnerability Scan.