Problems running Symantec Protection Engine (SPE) 7.0 on Solaris 11 with JRE 1.7 update 4 and later.

Article Id: 157069

Status: Published

Updated On: 30-09-2012 18:22

Legacy Id: TECH196913

Products:

Protection Engine for Cloud Services , Protection Engine for NAS

Issue/Introduction:

Symantec Protection Engine 7.0 does not start properly when installed with JRE 1.7.0_04 or later on Solaris 11.

Resolution:

JRE 1.7.0_04 and later uses default security provider as “com.oracle.security.ucrypto.UcryptoProvider” on Solaris 11. This provider accesses the underlying native(T4) crypto library without going through the PKCS11 layer. This causes JVM crash while creating SSL socket context in Symantec Protection Engine Java server.

To change default Java security provider to "sun.security.pkcs11.SunPKCS11" go to <Java_installation_dir>/jre/lib/security and replace the following lines in "java.security" configuration file

security.provider.1 = com.oracle.security.ucrypto.UcryptoProvider ${JAVA.EN_US}/lib/security/ucrypto-solaris.cfg
security.provider.2 = sun.security.pkcs11.SunPKCS11 ${JAVA.EN_US}/lib/security/sunpkcs11-solaris11-solaris.cfg

with

security.provider.1 = sun.security.pkcs11.SunPKCS11 ${JAVA.EN_US}/lib/security/sunpkcs11-solaris11-solaris.cfg
security.provider.2 = com.oracle.security.ucrypto.UcryptoProvider ${JAVA.EN_US}/lib/security/ucrypto-solaris.cfg