FIPS Mode Event Messages
EFT displays FIPS-related messages when switching to/from FIPS modes, starting/restarting EFT or Site, making administration interface connections, or managing certificates. EFT presents messages in the administration interface and in the Windows Event Log and allows you to correct the error. That is:
-
A FIPS initialization error at Server startup does not stop the EFT service. Instead, the service is started and listening for administrator connections, but the Sites are stopped so that you can connect, get diagnostics, disable FIPS mode, and so on.
-
An administrator SSL certificate failure at Server startup does not stop the EFT service immediately. Instead, EFT starts, but does not accept SSL administrative connections. The administrator is able to login locally, get diagnostics, replace the certificate, and so on.
-
An administrator SSL certificate failure after SSL FIPS mode switching does not stop the EFT service. Instead, EFT continues working, but does not accept SSL administrative connections. The administrator can connect to replace the certificate, and so on.
FIPS Mode Messages in the Administration Interface
EFT displays the following FIPS-related messages in the administration interface.
<SITENAME> will be started with the following protocols: FIPS-certified protocols: <FIPSPROTOCOLS> Non-FIPS protocols: <NONFIPS> To ensure FIPS-certified operation, please enable only FIPS-certified protocols.
When EFT is in SSL or SSH FIPS mode, this message reports which Site protocols are FIPS-secured and which are not each time the administrator explicitly starts the Site (for example, clicks Go or the Start button on the General tab of the Site).
The EFT is stopped: FIPS mode initialization error. All sites and protocols are disabled.
This warning message appears upon new administration connections if FIPS fails to initialize. FIPS can fail to initialize because EFT could not load the FIPS library or the library self-test failed. When this occurs, EFT is stopped and all Sites and protocols are disabled.
An error occurred while attempting to start EFT. FIPS mode initialization error; all sites and protocols have been disabled.
This message appears in the administration interface during Server start or restart when FIPS fails to initialize. FIPS can fail to initialize because EFT could not load the FIPS library or the library self-test failed. When this occurs, EFT is stopped and all Sites and protocols are disabled.
or, if other certificate error (forbidden algorithms, inconsistent private key, or invalid private key password):
This message appears during Site start/restart if a Site uses SSL and its certificate does not meet FIPS requirements (for example, FIPS mode gets turned on and old certificate/key does not pass the FIPS test). The Site is stopped.
or, if other certificate error (forbidden algorithms, inconsistent private key, or invalid private key password):
This message appears during Site start/restart if a Site uses SFTP and its key does not meet FIPS requirements (for example, FIPS mode gets turned on and old certificate/key does not pass the FIPS test). The Site is stopped.
or, if other certificate error (forbidden algorithms, inconsistent private key, or invalid private key password):
This warning message appears during new administration interface connections if a Site uses SSL and its certificate does not meet FIPS requirements or uses SFTP and its key does not meet FIPS requirements (for example, FIPS mode gets turned on and old certificate/key does not pass the FIPS test). The Site is stopped.
or, if other certificate error (forbidden algorithms, inconsistent private key, or invalid private key password):
This warning message is used in to notify all connected administration interfaces if the SSL certificate for remote administration does not meet FIPS requirements. Remote administration connections via SSL are not accepted.
or, if other certificate error (forbidden algorithms, inconsistent private key, or invalid private key password):
This warning message is used during new administration interface connections if the SSL certificate for remote administration does not meet FIPS requirements. Remote administration connections via SSL are not accepted.
or, if other certificate error (forbidden algorithms, inconsistent private key, or invalid private key password):
These informational messages appear in the administration interface to notify all connected administration interfaces when an administrator explicitly switches SSL or SSH FIPS mode or FIPS mode is disabled due to trial expiration.
FIPS Mode Events in the Event Log
EFT displays the following FIPS-related events in the Windows Event Log.
Globalscape EFT - FIPS [SSL|SSH] mode initialization error; all sites and protocols are disabled.
This error message appears in the Event Log upon the EFT service start or restart if FIPS fails to initialize. FIPS can fail to initialize because EFT could not load the FIPS library or the library self-test failed. When this occurs, EFT service is stopped and all Sites and protocols are disabled.
or, if other certificate error (forbidden algorithms, inconsistent private key, or invalid private key password):
This message appears during Site start/restart if a Site uses SSL and its certificate does not meet FIPS requirements or uses SFTP and its key does not meet FIPS requirements (for example, FIPS mode gets turned on and old certificate/key does not pass the FIPS test). The Site is stopped.
or, if other certificate error (forbidden algorithms, inconsistent private key, or invalid private key password):
This warning message appears in the Event Log if the SSL certificate for remote administration does not meet FIPS requirements. Remote administration connections via SSL are not accepted.
or, if other certificate error (forbidden algorithms, inconsistent private key, or invalid private key password):
This informational message appears in the Event Log when an administrator explicitly switches SSL or SSH FIPS mode or FIPS mode is disabled due to trial expiration.
Globalscape EFT - FIPS [SSL|SSH] mode initialized successfully; operating in compliance with FIPS 140-2.
This informational message appears in the Event Log every time the EFT service starts or restarts to report its successful FIPS mode initialization.