Illegal key size error in PIM


Article ID: 182880




CA Privileged Identity Management Endpoint (PIM)


After an OS upgrade from W2K8R2 to W2K12R2 and a reinstallation of Privileged Identity Management (using the previous "FIPSkey.dat" and data), Session Recording and other components have stopped working. For each component that is not working properly, the corresponding log (e.g. ProxyManager.log) contains many errors with the string Illegal key size.

For instance, in ProxyManager.log of a CA PIM 12.9.X installation where the problem is occurring, one can see    :153   | Illegal key size


When installing ENTM it is necessary to have Strong Encryption for Java enabled. See

This is done by replacing or updating the Java Cryptography Extension (JCE) Unlimited Jurisdiction Policy files to support high-strength cipher suites. If the OS or Java were replaced, chances are that the changes made earlier have been lost and remediation is necessary.


CA PIM 12.8.X, 12.9.X and 1.X and CA PAM SC 14.X on Linux or Windows


To correct this situation, please reapply the JCE-updating script mentioned in the documentation (see link above) or follow this manual procedure:

  • For JDK 1.8_151 and later:
    • Navigate to the jdk_home/jre/lib/security directory and open the file.
    • Uncomment the following line: crypto.policy=unlimited
    • Save the file.
  • For earlier versions of the JDK, proceed as follows:
    • Locate the JCE package for your operating system on the Oracle website and download it.
    • Navigate to the jdk_home\jre\lib\security directory on your system and apply the patch to the following files: local_policy.jar and US_export_policy.jar
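
To confirm whether a given Java runtime is still under the limited policy before and after applying the procedure above, the following check can be compiled and run with the java binary from the same jdk_home the affected component uses. It is an added example, not part of the original article or of the product; the class name JcePolicyCheck is hypothetical and the all-zero key is constructed test data.

```java
import java.security.InvalidKeyException;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example (hypothetical class name): reports the effective JCE policy
// of the JVM that runs it and tries to initialise an AES-256 cipher.
public class JcePolicyCheck {
    public static void main(String[] args) throws Exception {
        // Identify which runtime is being tested; it must be the one the
        // failing component actually uses, not just any Java on the PATH.
        System.out.println("java.home     = " + System.getProperty("java.home"));
        System.out.println("java.version  = " + System.getProperty("java.version"));

        // Security property from the runtime's security configuration.
        // null means the line is absent or still commented out.
        System.out.println("crypto.policy = " + Security.getProperty("crypto.policy"));

        // 128 under the limited policy, Integer.MAX_VALUE when unlimited.
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("max AES key   = "
                + (maxAes == Integer.MAX_VALUE ? "unlimited" : maxAes + " bits"));

        // Constructed all-zero 256-bit key and IV, for this test only.
        SecretKeySpec key = new SecretKeySpec(new byte[32], "AES");
        IvParameterSpec iv = new IvParameterSpec(new byte[16]);
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(Cipher.ENCRYPT_MODE, key, iv);
            cipher.doFinal("policy check".getBytes("UTF-8"));
            System.out.println("AES-256 init  = OK (strong encryption enabled)");
        } catch (InvalidKeyException e) {
            // Under the limited policy the JVM rejects keys longer than 128 bits.
            System.out.println("AES-256 init  = FAILED: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

A non-zero exit code means the runtime still rejects 256-bit keys and the policy change has not taken effect for that jdk_home.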