VeriSign's TSIK assumes the installation of a JCE provider, which in this case is Bouncy Castle JCE. C.7.1 Windows PlatformDownload the jar file, tsik1_3.jar from the site http://www.xmltrustcenter.org/developer/verisign/tsik/download.htm into a temporary directory. Verify the signature using Sun's jarsigner tool, as shown in Figure C-6. You may need to specify the full path of "tsik1_3.jar" if necessary. The output should display " jar verified ." Uncompress the tsik1_3.jar into a temporary directory and extract all files. Copy the files jce.jar , tsik.jar , xml_pilot_key.jar and xml_prod_key. jar from your %tsik%\jars into %JWSDP%\common\lib . Figure C-6 Verify TSIK Binary DistributionD:\> jarsigner -verify -keystore D:\J2SE\jre\lib\security\cacerts tsik1_3.jar Figure C-7 J2SE Security Provider Class Set-up security.provider.1=sun.security.provider.Sun security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider #security.provider.2=com.sun.net.ssl.internal.ssl.Provider security.provider.3=com.sun.rsajca.Provider security.provider.4=com.sun.crypto.provider.SunJCE security.provider.5=sun.security.jgss.SunProvider Download the JCE provider bcprov-jdk14-113.jar from the BouncyCastle provider located at http://www.bouncycastle.org/latest_releases.html . Copy the provider jar file to your J2SE directory %JAVA_HOME%\jre\lib\ext . Then modify your %JAVA_HOME%\jre\lib\security\java.security file to insert the org.bouncycastle.jce.provider.BouncyCastleProvider class as the number 2 security provider. It should look like Figure C-7: Remember to add these newly added jar files to your CLASSPATH . C.7.2 Unix PlatformThe installation procedure is similar to that of the Windows version. Download the tsik1_3.jar TSIK distribution and extract to your target location. Similar to the Windows version installation, you can extract the TSIK distribution to your target location and move the TSIK jar files subdirectory to JWSDP's common/lib sub-directory (for example, /opt/jwsdp/webapps/common/lib ). You need to modify the JRE security library settings and add the Bouncy Castle JCE Provider as well. |