After updating IBM WebSphere to the latest patch containing IBM JDK 1.8.0_291 (or later), RSA Identity Governance & Lifecycle fails to start and logs the following message in system.out and aveksaServer.log file:
[9/23/21 21:45:52:197 CEST] 0000007d SystemOut O ERROR (server.startup : 1) [CheckDatabase] Error reading Aveksa_System.cfg
java.lang.IllegalStateException: An issue with handling encryption was encountered
This issue occurs on the first attempt to load the third-party crypto libraries in the CheckDatabase step.
This issue is caused by changes to the IBM JRE in JDK 1.8.0_291(and later) which removed expired certificates from the "trusted provider verification list" used to sign third-party JCE libraries in the RSA Identity Governance & Lifecycle product. This issue will affect any RSA Identity Governance & Lifecycle deployment on IBM WebSphere where the latest IBM updates have been applied.
This issue will be resolved in a future patch of the product.
Contact RSA Customer Support for more information.
If you are able to revert back to an older version of the IBM JRE, this issue does not occur in IBM JDK 1.8.0_261 and earlier.
This issue is not known to affect deployments on Wildfly or Weblogic.