Enabling FIPS Mode for SSL (HTTPS and FTPS) Connections
After you enable or disable FIPS mode, you must restart the EFT server service. (You must have a Server administrator account in EFT to perform this procedure.)
To enable FIPS mode for SSL Connections
- In the administration interface, connect to EFT and click the Server tab.
- On the Server tab, click the Server node on which you want to enable FIPS mode.
- In the right pane, click the Security tab.
- In the Federal Information Processing Standards (FIPS) area, select the Use FIPS certified cryptographic libraries for SSH connections check box.
- Click Apply to save the changes on EFT.
When the EFT Site is started with FIPS enabled, a message lists the protocols in use and indicates which of them are FIPS certified. While FIPS is enabled, ciphers, keys, and hash lengths/types that are not FIPS-approved are not available. If a FIPS-approved state cannot be achieved when FIPS is enabled, all Sites will stop, and an error is written to the Windows Event Log.
Imported certificates that were signed using non-FIPS-certified algorithms will not work in EFT when using FIPS mode. For details of converting certificates prior to importing them into EFT, refer to Using OpenSSL to Generate/Convert Keys and Certificates.
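The following pre-import check is an added example, not part of the EFT documentation or product: it reads the text form of a certificate produced by the `openssl` command-line tool and flags a signature hash or RSA key size that would be refused in a FIPS-approved configuration. The reject rules (MD2/MD4/MD5/SHA-1 signatures, RSA keys under 2048 bits) are an assumption based on NIST SP 800-131A rather than EFT's own list, and the function names and sample excerpts are constructed for illustration.

```shell
#!/bin/sh
# Pre-import check: flag certificates whose signature hash or RSA key size
# would not be acceptable in a FIPS-approved configuration.
# ASSUMPTION: the reject rules follow NIST SP 800-131A; not EFT's published list.

# Reads `openssl x509 -noout -text` output on stdin.
# Prints "OK: ..." (returns 0) or "REJECT: ..." (returns 1).
classify_cert_text() {
    text=$(cat)
    # The first "Signature Algorithm" line is the algorithm the issuer signed with.
    sig=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    alg=$(printf '%s\n' "$text" | sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)
    # Matches "Public-Key: (2048 bit)" and the older "RSA Public Key: (1024 bit)".
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public[- ]Key: *(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    if [ -z "$sig" ]; then
        echo "REJECT: no signature algorithm found"; return 1
    fi
    case $(printf '%s' "$sig" | tr 'A-Z' 'a-z') in
        *md2*|*md4*|*md5*|*sha1*)
            echo "REJECT: signature algorithm $sig"; return 1 ;;
    esac
    if [ "$alg" = "rsaEncryption" ] && [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "REJECT: RSA key is $bits bits"; return 1
    fi
    echo "OK: $sig"
}

# Constructed excerpts of `openssl x509 -noout -text` output (not real certificates).
sample_md5_cert() {
    printf '%s\n' '        Signature Algorithm: md5WithRSAEncryption' \
                  '            Public Key Algorithm: rsaEncryption' \
                  '                Public-Key: (2048 bit)'
}
sample_weak_rsa_cert() {
    printf '%s\n' '        Signature Algorithm: sha256WithRSAEncryption' \
                  '            Public Key Algorithm: rsaEncryption' \
                  '                RSA Public Key: (1024 bit)'
}
sample_good_cert() {
    printf '%s\n' '        Signature Algorithm: sha256WithRSAEncryption' \
                  '            Public Key Algorithm: rsaEncryption' \
                  '                Public-Key: (2048 bit)'
}

# Usage: sh check_cert.sh cert.pem   (hypothetical file name; requires the openssl CLI)
if [ "$#" -gt 0 ]; then
    openssl x509 -in "$1" -noout -text | classify_cert_text
fi
```

A certificate flagged here needs to be reissued by its CA with an approved signature algorithm; converting the file format alone does not change how it was signed.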