EBIFour.com > Training > Clarify QRGs > How-to Update Clarify Server for 2048 Key Sizes

How-to Update Clarify Server for 2048 Key Sizes

17th April 2020

By default the Cleo Clarify Server supports key sizes of 1024. Clarify users that want to implement SFTP or HTTPs Webservices where the server implements a cert with a key size of 2048, can follow the instructions below.

Background - BouncyCastle

To start the process, we will update the BouncyCastle security provider on the Clarify Server instance. We will configure Clarify’s bundled JRE to use the BouncyCastle security provider as its primary provider.

Once updated we will restart the Clarify server.

Note: This is a short term solution that doesn`t require code change until Clarify gets upgraded to use Java 8.

1. Download .jar file

Place the DOWNLOADABLE BouncyCastle jar file, bcprov-jdk16-144.jar into the directory: <CLARIFY_SERVER_DIR>/jre/lib/ext.

2. Update java.security file

1. In the <CLARIFY_SERVER_DIR>/jre/lib/security directory, Edit the file java.security using a text editor.

2. Scroll down in the java.security file to locate the list of providers, and add a new line at the very top of the list:

security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider

3. For all of the previous entries in the list, increment their numbers by 1  (the previous the security.provider.1 becomes security.provider.2, and so on).  The list should end up looking similar to the following example:

# List of providers and their preference orders (see above):

#

security.provider.2=sun.security.provider.Sun
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.4=sun.security.ec.SunEC
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.sun.crypto.provider.SunJCE
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider
security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.10=sun.security.smartcardio.SunPCSC
security.provider.11=sun.security.mscapi.SunMSCAPI

4. Save the file.
5. Stop the Clarify Service, and then start it again.

Example of java.security completed


By: on