There are several important things to take into consideration if you plan to operate WhatsUp Gold in FIPS 140-2 mode:
The following are scenarios may occur when you try to enable FIPS 140-2 mode in the Program Options dialog:
If a message is presented that you have non-compliant SNMPv3 credentials (but you have a compliant SSL certificate):
This option is disabled because the SNMPv3 credentials are not FIPS compliant. Go to the Credentials Library to edit or remove the SNMP credentials. After editing or removing the credentials, you can enable this option in the Program Options dialog.
If a message is presented that you have non-compliant SSL certificate (but you have a compliant SNMP credentials):
This option is disabled because the SSL certificate is not FIPS compliant. Replace your current SSL certificate with a FIPS-compliant SSL certificate. To automatically replace your current SSL certificate with the default FIPS-compliant SSL certificate, click the link in the on-screen messsage. After replacing the SSL certificate, you can enable this option in the Program Options dialog.
If a message is presented that you have non-compliant SNMPv3 credentials and a non-compliant SSL certificate:
This option is disabled because the SNMPv3 credentials and the SSL certificate are not FIPS compliant. Go to the Credentials Library to edit or remove the SNMP credentials. Also, replace your current SSL certificate with a FIPS-compliant SSL certificate. To automatically replace your current SSL certificate with the default WhatsUp Gold FIPS-compliant SSL certificate, click the link in the on-screen message. After editing or removing the credentials and replacing the SSL certificate, you can enable this option in the Program Options dialog.
If a message is presented that confirms you have used the WhatsUp Gold default SSL certificate:
You have selected to use the default FIPS-compliant SSL certificate in WhatsUp Gold. Your certificate password is not be backed up automatically. Make sure you back up the SSL certificate password before completing this action. The current SSL certificate is backed up as server.crt.bak
and server.key.bak
.
For more information about SSL certificates in WhatsUp Gold, see About the WhatsUp Gold default SSL certificates.
For more information about the FIPS 140-2 specification, see the U.S. Department of Commerce documentation.