Previous Topic: Permission Denied ErrorsNext Topic: Error During Security Discipline Reconfigure Using E1MI0010 or E1MI0020

Installation and Configuration TroubleshootingHardware Encryption Error (CHORJBOS Does Not Start)

Hardware Encryption Error (CHORJBOS Does Not Start)

Symptom:

The following hardware encryption error is received:

Caused by: com.ibm.crypto.hdwrCCA.provider.JCECCARuntimeException:
Hardware error from call CSNBRNGL returnCode 16reasonCode 4
com.ibm.crypto.hdwrCCA.provider.SecureRandom.engineNextBytes
(SecureRandom.java:104)
java.security.SecureRandom.nextBytes(SecureRandom.java:287)

The CA Chorus JBoss server does not start.

The default java.security that is in use for the JVM contains a provider definition that cannot be supported by the hardware.

Solution:

This problem can be remedied by following these steps:

  1. Copy the java.security file from its default location in $JAVA_HOME/lib/security to the CA Chorus directory $INSTALL_HOME/config.
  2. Edit the copy of java.security in $INSTALL_HOME/config as follows:

    Note: This file is in EBCDIC format.

    1. Locate the following entry in the list of security provider definitions in this file. 
      security.provider.2=com.ibm.crypto.hdwrCCA.provider.IBMJCECCA

      Note: The index number may be different.

    2. Delete the line that you located in the previous step, and adjust the index numbers of the remaining security.provider entries accordingly.
    3. Save the edited file.
  3. Edit the ENVETJ member of the CA Chorus CETJOPTN data set as follows:
    1. Insert the following line immediately above export IBM_JAVA_OPTIONS=”$IJO”: 
      IJO=”$IJO -Djava.security.properties=${INSTALL_HOME}/config/java.security”
    2. Save the edited file.