java.lang.SecurityException: The jurisdiction policy files are not signed by a trusted signer

Asked 16/3, 2012 at 22:15 Answered 16/11, 2021 at 20:31

In working on a different problem (related to RMI), I upgraded the system's "security folder" with the "unlimited strength" policy files and now my applicaiton fails in a different way. I get a long stack dump, of which following bits appear pertinent:

Exception in thread "main" java.lang.ExceptionInInitializerError

[...crop...]

Caused by: java.lang.SecurityException: Can not initialize cryptographic mechanism
        at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:86)
        ... 17 more
Caused by: java.lang.SecurityException: The jurisdiction policy files are not signed by a trusted signer!

[...crop...]

Um, WTF? The ONLY change was that I moved the orignal jar files aside and added the unlimited ones in $JAVA_HOME/lib/security. That directory now looks like this:

$ ls
blacklist      javaws.policy               trusted.libraries
cacerts        local_policy.jar            US_export_policy.jar
java.policy    local_policy.jar.strong     US_export_policy.jar.strong
java.security  local_policy.jar.unlimited  US_export_policy.jar.unlimited

Of course, the .strong and .unlimited version are there so I can switch back quickly.

The directions were short and plain, and it would appear that they ONLY envision the replacement of these two files (local_policy.jar and US_exportpolicy.jar).

What else is there to do?

Note that the versions of java and the policy files are the very youngest to date: 1.7.0_03, and jce_policy-6, respectively.

P.S. The article of similar title, found here, was of no help at all.

Zadoc answered 16/3, 2012 at 22:15 Comment(1)

The use of an exclamation mark in the exception message made me lol – Mephitic 5/9, 2018 at 20:36

Rather than mixing runtime and policy file versions, you should use the policy files for Java 7.

Dejecta answered 16/3, 2012 at 22:31 Comment(8)

Oh My Friggen Gawd, I Sure TRIED to get the very latest and was annoyed that I only found v 6. I made several attempts to be sure I got the latest. How in heck did I miss it and you find it?!@?! Oh well, I'll chalk this up to Oracle not having the most clear download site! -wink!- Thanks again. – Zadoc 16/3, 2012 at 22:40

Or, -heavy-sigh- the real culpret is working too late: I had already downloaded the right one, but installed the wrong one! -frown- Oh well, I shouldn't be working such long hours, I s'pose. – Zadoc 16/3, 2012 at 22:45

i am getting the same error even after replacing the Jars in my JRE.. I have JRE 1.7.32 running in my Websphere. I followed these steps. www-01.ibm.com/support/docview.wss?uid=swg21635319 when i used the jars " Unrestricted SDK JCE Policy files for Java 5.0 SR16, Java 6 SR13, Java 7 SR4 and later versions ", i get Caused by: Java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers! Even after replacing the jars. I am sure there is some issue withthe security signers. Can anyone please let me know the workaround for this? – Stratfordonavon 13/9, 2014 at 3:37

can you guys please help me out? Or can you guys please recommend a websphere support forum? – Stratfordonavon 16/9, 2014 at 12:50

@Stratfordonavon It sounds like your question might require some knowledge specific to IBM's JRE. You should post a new question, focusing on IBM. – Dejecta 16/9, 2014 at 14:26

@Stratfordonavon kpamu answered your question (provided a solution) via an answer to this same question - just FYI, maybe you've already solved your problem by now! – Zadoc 4/3, 2015 at 19:25

Sure @RichardT, I will have a look at it. – Stratfordonavon 5/3, 2015 at 1:24

Downloading and then adding two policy jars to "..jre\lib\security\policy" folder resolved this issue for me. Thanks! – Byer 11/2, 2021 at 7:31

This happens when Java version does not match with the version of policy files. You can download the relevant policy files from following links.

Policy jars for Java 8
Policy jars for Java 7
Policy jars for Java 6

Quantitative answered 17/7, 2013 at 12:45 Comment(1)

Installation following README.txt in the download doesn't have any effect for OpenJDK 1.8.0_111 on Ubuntu 16.10. – Centiare 30/11, 2016 at 1:5

Its possible that you have different versions of the JDK. For example if your JAVA_HOME points to version 7, but in your path version 6 shows up before version 7, this error could pop up.

Marilumarilyn answered 21/4, 2016 at 8:56 Comment(1)

This was a good tip. My JAVA_HOME wasn't even set, and as soon as I set it, this error went away. Thankful I read down here, because the top answer is much more involved and probably wouldn't have fixed the problem for me. – Mello 21/12, 2016 at 18:13

This could happen if there are standard policy jar files somewhere in the classpath. I suggest to find and replace all the local_policy.jar and us_export_policy.jar files with the unrestricted versions of these jars in your machine. If you are using IBM's WAS/Portal Server/RAD, here is the link to the unrestricted JCE policy jars.

Unswear answered 16/9, 2014 at 15:56 Comment(1)

I had to dowload Unrestricted SDK JCE policy files for older releases www-01.ibm.com/marketing/iwm/iwm/web/reg/… www-01.ibm.com/support/docview.wss?uid=swg21635319 – Sectorial 13/12, 2015 at 12:30

While changing the version in your local or server, You should copy original jre/lib/security folder as security8 and remove cacerts which refers to efs and instead copy from old security8. This worked for me.

Nial answered 16/11, 2021 at 20:31 Comment(0)

Recommended topics

Hot tags