diff --git a/buildenv/jenkins/openjdk_tests b/buildenv/jenkins/openjdk_tests
index c3c6755132..f0382e2092 100644
--- a/buildenv/jenkins/openjdk_tests
+++ b/buildenv/jenkins/openjdk_tests
@@ -468,6 +468,14 @@ def runTest() {
                 ]
             }
         }
+        if (params.TEST_FLAG == "OpenJCEPlus") {
+            def javaSecurityFile = "${env.WORKSPACE}/aqa-tests/config/openjceplus/jdk${params.JDK_VERSION}/java.security"
+            if (!fileExists(javaSecurityFile)) {
+                javaSecurityFile = "${env.WORKSPACE}/aqa-tests/config/openjceplus/jdk/java.security"
+            }
+            echo "Set -Djava.security.properties=${javaSecurityFile} in EXTRA_OPTIONS"
+            env.EXTRA_OPTIONS += " -Djava.security.properties=${javaSecurityFile}"
+        }
         jenkinsfile = load "${WORKSPACE}/aqa-tests/buildenv/jenkins/JenkinsfileBase"
         if (LABEL.contains('ci.agent.dynamic') && CLOUD_PROVIDER.equals('azure')) {
             //Set dockerimage for azure agent. Fyre has stencil to setup the right environment
diff --git a/config/openjceplus/jdk/java.security b/config/openjceplus/jdk/java.security
new file mode 100644
index 0000000000..5618471f6d
--- /dev/null
+++ b/config/openjceplus/jdk/java.security
@@ -0,0 +1,16 @@
+# Add OpenJCEPlus to the top of the provider list. This file should be kept in sync with
+# the out of the box security provider list except for placing OpenJCEPlus at the highest
+# priority.
+security.provider.1=com.ibm.crypto.plus.provider.OpenJCEPlus
+security.provider.2=SUN
+security.provider.3=SunRsaSign
+security.provider.4=SunEC
+security.provider.5=SunJSSE
+security.provider.6=SunJCE
+security.provider.7=SunJGSS
+security.provider.8=SunSASL
+security.provider.9=XMLDSig
+security.provider.10=SunPCSC
+security.provider.11=JdkLDAP
+security.provider.12=JdkSASL
+security.provider.13=SunPKCS11
diff --git a/config/openjceplus/jdk21/java.security b/config/openjceplus/jdk21/java.security
new file mode 100644
index 0000000000..5618471f6d
--- /dev/null
+++ b/config/openjceplus/jdk21/java.security
@@ -0,0 +1,16 @@
+# Add OpenJCEPlus to the top of the provider list. This file should be kept in sync with
+# the out of the box security provider list except for placing OpenJCEPlus at the highest
+# priority.
+security.provider.1=com.ibm.crypto.plus.provider.OpenJCEPlus
+security.provider.2=SUN
+security.provider.3=SunRsaSign
+security.provider.4=SunEC
+security.provider.5=SunJSSE
+security.provider.6=SunJCE
+security.provider.7=SunJGSS
+security.provider.8=SunSASL
+security.provider.9=XMLDSig
+security.provider.10=SunPCSC
+security.provider.11=JdkLDAP
+security.provider.12=JdkSASL
+security.provider.13=SunPKCS11