Before applying the following configuration for ShareFile, validate that the FIPS mode is enabled on Windows Server. To do so:
- Launch the registry editor (regedit).
- Browse to the path: HKEY_LOCAL_MACHINE\SOFTWARE\PowerShell\Server\16
- Check for the registry value UseFIPSCompliantAPI.
- If the value data (DWORD) is 1, FIPS compliant mode is enabled.
If FIPS compliant mode is not enabled, use the following to enable FIPS compliant mode:
- Log on to Windows as a Windows system administrator.
- Click Start, click Control Panel and then click Administrative Tools. Note: You may have to switch to large Icons for the next step.
- Click Local Security Policy. The Local Security Settings window appears.
- In the navigation pane, click Local Policies and then click Security Options.
- In the pane on the right, double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.
Note: Enabling the preceding setting may affect all applications on the machine.
- In the dialog box that appears, click Enabled, click Apply and then click OK.
- Close the Local Security Settings window.
For more information, see this Microsoft Support article.
By default, StorageZones Controller may use cryptography modules that are not compliant with FIPS 140-2 standard. After installing StorageZones Controller and before running ConfigService: Customers must add the following code example to turn on FIPS 140-2 compliance in their Controller.
Add the preceding code sample as a child of the <configuration> element at the end of the following file:
Next, reset IIS and restart all ShareFile services. Alternatively, restart your machine.