FIM 3.1.2 - CryptoJ jar causing signature verification errors with md2 signature algorithm
Originally Published: 2008-05-22
Article Number
Applies To
IBM WebSphere 6.0.2
Crypto J jar version 3.5.2 - jsafeJCEFIPS.jar in security.providers
Certificate caontains an md2RSA hash
Issue
signature verification error in system log
2008-05-05 20:52:06,042, (SSOHelper.java:608), uhaps004, , , , SSO top-level profile exception: , com.rsa.fim.exception.ProfileException: The response signature cannot be verified: The message is signed, but the signature cannot be verified
Cause
Resolution
Apply one of the following three solutions:
- Move the jsafeJCEFIPS.jar to the bottom of the security providers list or at least below the IBM versions of Jsafe com.ibm.crypto.provider.IBMJCE or com.ibm.crypto.fips.provider.IBMJCEFIPS.
- Replace the certs with signature algorithms other than MD2, such as SHA1
- Obtain hotfix FIM 3.1.2.5 which uses version 4.0 of the jsafeJCEFIPS. jar and add "com.rsa.cryptoj.jce.fips140initialmode=NON_FIPS140_MODE" to the bottom of the java.security file. This will turn off forced FIPS compliance ( added since CRYPTOJ 3.6 version) which would not of allowed md2 certs to be used.
Related Articles
How to resolve RSA ACE/Agent certificate issues in ACE NAP Number of Views How to resolve an ORA-30036 UNDO Tablespace error in RSA Identity Governance & Lifecycle Number of Views Resolving collector mapping and unification issues in RSA Via Lifecycle and Governance Number of Views RSA Authentication Manager 8.7 SP1 Patch 1 Readme Number of Views RSA Authentication Manager 8.7 SP1 Patch 1 Web Tier Readme Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.9 Release Notes (January 2026) Artifacts to gather in RSA Identity Governance & Lifecycle RSA Governance & Lifecycle 8.0.0 Administrators Guide RSA Governance & Lifecycle 8.0.0 Installation Guide
Don't see what you're looking for?
