Problem:

• Product Name : BES AppServer
• Product version : 5.x
• JDK Version: JDK 1.3.1 and above
• Product Component: Module ias, partition, vaultgen and security

Java Cryptography Extension (JCE) 1.2.1 Package that was shipped with BES 5.x expired on 27th Jul 2005 according to Sun. This problem doesn't happen when BES (ias or partition) is started with JDK 1.4.x.

When starting up BES 5.x server, ias or partition process exits with the following exception (using JDK 1.3.1)

Borland Enterprise Server UNRECOVERABLE ERROR: Unable to initialize the server"s management ORB
org.omg.CORBA.INITIALIZE: Could not initialize null minor code: 0 completed: No
at com.borland.security.core.Init.pre_init(Init.java:587)
at com.inprise.vbroker.orb.ORB.initialize(ORB.java:1144)
at com.inprise.vbroker.orb.ORB.set_parameters(ORB.java:1317)
at org.omg.CORBA.ORB.init(ORB.java:324)
at com.sun.server.ServerProcess.run(ServerProcess.java:312)
at com.inprise.server.IAS.main(IAS.java:145)

For BES VisiBroker Edition 5.x, application can also throw following exception:

java.lang.SecurityException: Cannot set up certs for trusted CAs

Resolution:

The library, jce1_2_1.jar, can be found under BES-INSTALL/lib folder. Please download jce1_2_2 from Sun JDC to replace jce1_2_1.jar. The following steps can be followed to update the files:

1. Download jce1.2.2 from Sun Download Center. The download will contain the following files:

• jce1_2_1.jar
• local_policy.jar
• sunjce_provider.jar
• US_export_policy.jar

2. Backup the following files under the BES-INSTALL/lib directory:

• jce1_2_1.jar
• local_policy.jar
• sunjce_provider.jar
• US_export_policy.jar

3. Copy those files downloaded in step 1 into BES-INSTALL/lib directory.

Only BES AppServer Edition should continue with step 4.

4. Modify "addpath $var(installRoot)/lib/jce1_2_1.jar" to "addpath $var(installRoot)/lib/jce1_2_2.jar" in BES-INSTALL/bin/bmsagent.config, bmsserver.config, ias.config and partition.config files.

Note: On Unix platforms, also edit BES-INSTALL/bin/vaultgen and BES-INSTALL/bin/vbj and BES-INSTALL/bin/vbjc files to replace jce1_2_1.jar with jce1_2_2.jar.

Important Notice

According to Sun, End-of-lifecycle of JCE 1.2.2 for JDK 1.2 & JDK 1.3 will be on March 2006. Therefore, there is a great concern among BES 5.x (JDK 1.3.x) customers whether they will be facing a similar problem with JCE 1.2.2 in the future.

As per Sun's document on bugfixes in JCE1.2.2, JCE services will not be disrupted even if the signer's certificate for a JCE provider has expired. Hence, there will be no such issue with JCE 1.2.2.

You can find more background information at Java-Security newsgroups regarding the cause and the resolution of the JCE 1.2.1 issue as extracted below:

"The validation code which checked for certificate expiration was only found in JCE 1.2.1. It *WAS REMOVED* from JCE 1.2.2 and all successive releases like JCE in JDK 1.4.x and 5.x (and soon in 6.x). This expiration problem was the primary reason for releasing JCE 1.2.2 over three years ago. Export control regulations changed following the release of JCE 1.2.1, and Sun released 1.2.2 shortly thereafter so that customers wouldn't have this expiration problem. Hence, *BOTH* JDK 1.3.x and JCE 1.2.2 should continue to work after their EOL (i.e., March 30th, 2006), but will *no longer* be supported."

A further note, Borland Enterprise Server 5.x will not be supported after 31st December, 2005. If you want to get extended support for your BES 5.x, you should contact Borland Support in your region.