EFT Server displays FIPS-related messages when switching to/from FIPS modes, starting/restarting EFT Server or Site, making administration interface connections, or managing certificates. EFT Server presents messages in the administration interface and in the Windows Event Log and allows you to correct the error. That is:
A FIPS initialization error at Server startup does not stop the EFT Server service. Instead, the service is started and listening for administrator connections, but the Sites are stopped so that you can connect, get diagnostics, disable FIPS mode, and so on.
An administrator SSL certificate failure at Server startup does not stop the EFT Server service immediately. Instead, EFT Server starts, but does not accept SSL administrative connections. The administrator is able to login locally, get diagnostics, replace the certificate, and so on.
An administrator SSL certificate failure after SSL FIPS mode switching does not stop the EFT Server service. Instead, EFT Server continues working, but does not accept SSL administrative connections. The Administrator can connect to replace the certificate, and so on.
EFT Server displays the following FIPS-related messages in the administration interface.
When EFT Server is in SSL or SSH FIPS mode, this message reports which Site protocols are FIPS-secured and which are not each time the Administrator explicitly starts the Site (e.g., clicks Go).
This warning message appears upon new administration connections if FIPS fails to initialize. FIPS can fail to initialize because EFT Server could not load the FIPS library or the library self-test failed. When this occurs, EFT Server is stopped and all Sites and protocols are disabled.
This message appears in the administration interface during Server start or restart when FIPS fails to initialize. FIPS can fail to initialize because EFT Server could not load the FIPS library or the library self-test failed. When this occurs, EFT Server is stopped and all Sites and protocols are disabled.
or, if other certificate error (forbidden algorithms, inconsistent private key, or invalid private key password):
This message appears during Site start/restart if a Site uses SSL and its certificate does not meet FIPS requirements (e.g., FIPS mode gets turned on and old certificate/key does not pass the FIPS test). The Site is stopped.
or, if other certificate error (forbidden algorithms, inconsistent private key, or invalid private key password):
This message appears during Site start/restart if a Site uses SFTP and its key does not meet FIPS requirements (e.g., FIPS mode gets turned on and old certificate/key does not pass the FIPS test). The Site is stopped.
or, if other certificate error (forbidden algorithms, inconsistent private key, or invalid private key password):
This warning message appears during new administration interface connections if a Site uses SSL and its certificate does not meet FIPS requirements or uses SFTP and its key does not meet FIPS requirements (e.g., FIPS mode gets turned on and old certificate/key does not pass the FIPS test). The Site is stopped.
or, if other certificate error (forbidden algorithms, inconsistent private key, or invalid private key password):
This warning message is used in to notify all connected administration interfaces if the SSL certificate for remote administration does not meet FIPS requirements. Remote administration connections via SSL are not accepted.
or, if other certificate error (forbidden algorithms, inconsistent private key, or invalid private key password):
This warning message is used during new administration interface connections if the SSL certificate for remote administration does not meet FIPS requirements. Remote administration connections via SSL are not accepted.
or, if other certificate error (forbidden algorithms, inconsistent private key, or invalid private key password):
These informational messages appear in the administration interface to notify all connected administration interfaces when an administrator explicitly switches SSL or SSH FIPS mode or FIPS mode is disabled due to trial expiration.
EFT Server displays the following FIPS-related events in the Windows Event Log.
This error message appears in the Event Log upon the EFT Server service start or restart if FIPS fails to initialize. FIPS can fail to initialize because EFT Server could not load the FIPS library or the library self-test failed. When this occurs, EFT Server service is stopped and all Sites and protocols are disabled.
or, if other certificate error (forbidden algorithms, inconsistent private key, or invalid private key password):
This message appears during Site start/restart if a Site uses SSL and its certificate does not meet FIPS requirements or uses SFTP and its key does not meet FIPS requirements (e.g., FIPS mode gets turned on and old certificate/key does not pass the FIPS test). The Site is stopped.
or, if other certificate error (forbidden algorithms, inconsistent private key, or invalid private key password):
This warning message appears in the Event Log if the SSL certificate for remote administration does not meet FIPS requirements. Remote administration connections via SSL are not accepted.
or, if other certificate error (forbidden algorithms, inconsistent private key, or invalid private key password):
This informational messages appear in the Event Log when an administrator explicitly switches SSL or SSH FIPS mode or FIPS mode is disabled due to trial expiration.
This informational message appears in the Event Log every time the EFT Server service starts or restarts to report its successful FIPS mode initialization.