THE INFORMATION IN THIS ARTICLE APPLIES TO:

• all products

DISCUSSION

A list of installed applications may be useful to Support technicians to determine if there may be any conflicts or missing components. The attached VBScript file can be run on the server computer, where it will create a text file containing a list of all installed applications. That text file will be created in the directory the script is in when you run it.

Download the attached TXT file, rename it with a VBS extension, and then double-click it to run. When complete, it will give you the name of the output file and prompt you to open it for review.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• all products

QUESTION

How do I submit a ticket to Support?

ANSWER

• Mail Express, v4.2 and later

NOTE: We haven't tested this in older versions, but it should work.

DISCUSSION

When a client receives an attachment via Mail Express, the email also include an attachment with the package identifier. This file, as shown below, has no useful data and is primarily used as static icon to allow recipients to sort/filter for emails with attachments. However, because of the file name, some clients think this could be a malicious email and are not willing to accept the email. While the icon cannot be removed, we can change the name of the file from the unique package id to something more friendly.

To change the extension or file name

1. Stop the Mail Express service and browse to the following folder, depending on the operating system and installed version:
   “C:\Program Files\GlobalSCAPE\Mail Express\webapps\ROOT\WEB-INF\classes\META-INF”
   or
   “C:\Program Files (x86)\GlobalSCAPE\Mail Express\webapps\ROOT\WEB-INF\classes\META-INF”
2. Locate the file named staticConfig and make a backup of this file. (Right-click the file, click Copy, then click Paste.)
3. Open staticconfig in a text editor and browse down to the following section:

<bean id="attachmentNamePattern" class="java.lang.String">

<constructor-arg value="Package_%s.html />

<meta key="Description" value="The format for the name of the small HTML file attached to emails …" />

4. In <constructor-arg value'"Package_%s.html />, change the text in the quotations marks to what you would like the filename or extension to be. Be sure to maintain the quotation marks.
5. Restart Mail Express and send a test message to confirm successful changes.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• EFT, all versions

SYMPTOM

LavaSoft Ad-Aware erroneously detecting the EFT server service as malware, causing the server service to crash.

Windows Event Viewer displays the error as shown below.

WORKAROUND

Uninstall or disable any Lavasoft products that may be installed on the EFT server computer.

MORE INFORMATION

We have reached out to Lavasoft to have the EFT server service (cftpstes.exe) added to the exclusion list.

Ad-Aware is often installed unintentionally when installing other products, such as shown below.

Use caution when installing "free" software, as it is often not tested for compatibility with other solutions.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• CuteFTP, all versions

SYMPTOM

When no password is specified for an SFTP connection in the Site properties or the Quick Connect bar in CuteFTP, the connection fails without asking for a password.

The log file might read:

*** CuteFTP 9.0 - build Jun 25 2013 ***

STATUS:> [6/2/2016 3:22:54 PM] Getting listing ""...

STATUS:> [6/2/2016 3:22:54 PM] Connecting to SFTP server...

STATUS:> [6/2/2016 3:22:54 PM] SFTP connection closed.

STATUS:> [6/2/2016 3:22:54 PM] Connection closed.

RESOLUTION

To enable the login prompt

1. In CuteFTP, click Tools > Global Options.
2. In the Global Options dialog box, click Display > Prompts.
3. Under Prompts, select the Show login prompt if connection fails or is missing data check box.
4. Click OK.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• EFT v6 and later

DISCUSSION

This article demonstrates how to use the EFT API with Curl.

Get File/folder list

curl.exe --user rguzman:123 -X GET http://192.168.111.250:81/

Returning JSON format:

curl.exe --user rguzman:123 -X GET http://192.168.111.250:81/?JSON

Download file

curl.exe --user rguzman:123 --output output.txt -X GET http://192.168.111.250:81/output.txt

Uploading a file

curl.exe --user rguzman:123 --upload-file readme.txt http://192.168.111.250:81/readme.txt

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• EFT v7 and later
  • with Secure Ad Hoc Transfer and the Web Transfer Client

SYMPTOM

When attempting to upload a folder, the error message "Secure Ad Hoc Transfer has encountered an unexpected problem" and "Failure 401 Unauthorized" appears in the Java console log.

The Java console log shows:
[INFO] HTTPTransfer - Head Status code = 401
[INFO] HTTPUploadTransfer - Upload failed

SOLUTION

If you want to allow SAT users to upload folders using the SAT sendmail page, “Allow Web Transfer Client (WTC)” must be enabled on the Connections tab of the Ad Hoc template.

Verify the following setting is enabled:

MORE INFORMATION

The WTC must be licensed or in trial mode. The plaintext client (PTC) is unable to transfer folders.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• EFT SMB v6.5 and later
• Mail Express 3.1 and later
• DMZ Gateway v3.3 and later

QUESTION

Do I need a multi-site license for DMZ Gateway if I want to use it with EFT SMB and Mail Express?

ANSWER

No, you can use 2 single-site DMZ Gateway licenses. One is activated in EFT SMB, and the other is activated in Mail Express.

MORE INFORMATION

EFT Enterprise can use multiple DMZ Gateways with a multi-site license.

Also, Mail Express can communicate to EFT Enterprise any Mail Express file transfers for use in EFT Event Rules and Reporting. Mail Express can automatically populate configuration items shared with EFT Enterprise using the Auto sync feature. Using Auto sync, Mail Express can automatically synchronize all EFT Enterprise settings that it needs or you can sync them one at a time on the various Mail Express administration pages. The Mail Express settings that can synchronize with EFT Enterprise include mail server configuration (host name and port, mail server authentication settings, and From address for Mail Express notifications) and DMZ Gateway configuration (whether DMZ Gateway is enabled in EFT, DMZ Gateway address, the server port, and the client HTTPS port).

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• EFT, version 7 and later in a clustered or HA environment

QUESTION

Why do clients connect to EFT showing the IP of the Netscaler load balancer?

ANSWER

Security features in EFT, such as like DoS prevention and banning IP addresses depend on being able to see the IP addresses from the clients that are connecting to EFT.

To use Source IP on configuring service

1. On the DMZ Gateway servers being load-balanced, set the default gateway at the Windows OS TCP/IP settings to the SNIP IP (Netscaler’s Subnet IP – i.e. its interface on the local subnet) instead of the subnet’s default gateway IP.
2. In on Netscaler’s Configure Service dialog box, select the Use source IP check box.
3. Click OK to save your changes and dismiss the dialog box.
   

*Note: EFT shares the configuration between NODES, so whatever is on Node A is also on Node B, Node C, etc.

• bridging (pass through) the SSH key to either server
• bridging the SSL directly to the DMZ Gateways

However, it is possible to use “reverse proxy” or non-bridging:

• SSL terminates at the NLB using imported Signed SSL certificate.
  • Either the traffic goes from https->http
  • Or you terminate the SSL certificate on NLB and then re-secure the SSL between NLB and DMZ Gateway.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• CuteFTP, V8 and later
• CuteSite Builder, v5 and earlier

QUESTION

Does Globalscape have a replacement for CuteSITE Builder?

ANSWER

On June 30, 2006, Sales and Support of CuteSITE Builder was discontinued, but registration and activation will remain available indefinitely. Although CuteSITE Builder is discontinued, it remains protected under copyright laws and the End User License Agreement.

Globalcape has no plans to replace CuteSITE Builder. However, CuteFTP® can be used to create and edit web pages.

MORE INFORMATION

CuteFTP has a built-in, color-coded HTML editor with which you can edit HTML and other ASCII (text)-based documents.

When you open an HTML document or create a new one in CuteFTP, the HTML Editor toolbar appears with which you can insert a variety of HTML tags, text formatting, and so on.

You can also use the default CSS style sheet or create your own. There is an example of how to do so in the CuteFTP WebHelp and installed help. The help also includes links to pages to help you learn HTML or to look up commonly used HTML tags. Of course, some of the great features of CuteFTP include the ability to edit HTML pages on your remote server, run scripts to automate uploads, Unicode support, WebDAV support, support for SSL and SFTP for secure transfers, OpenPGP, and numerous others.

To learn more about CuteFTP, visit the following links:

• WebHelp
• How to purchase CuteFTP
• Support for CuteFTP

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• EFT v6 and later

DISCUSSION

Advanced Workflow Engine (AWE) for EFT Enterprise provides an expanded ability to automate tasks within EFT Event Rules, with an extended list of built-in actions as well as providing for more complex logic when required. Sample AWE tasks are provided automatically upon creation of a first or subsequent Site within the EFT implementation. However, for some customers who have or intend to roll out many Sites, this may not be as helpful as for others.

The mechanism by which EFT provisions the duplicates of the sample AWE tasks for a newly provisioned Site is to check the AWE subfolder under the EFT configuration directory for task files found there whose name begins with "Sample" and create new copies of those files for the new Site. The default path is C:\ProgramData\Globalscape\EFT Enterprise\AWE, but may vary depending on the version of the operating system on which EFT is installed, and it is a configurable option upon installation that may have been customized. It may also be desirable to remove unused duplicate Sample tasks among the Sites.

1) PREVENT FUTURE DUPLICATION

To prevent EFT from duplicating the Sample tasks for each new Site created in EFT, simply move the Sample tasks to any other folder. The recommended choice is a subfolder called Samples into which you would move those Sample task files. Sample task files begin with the word "Sample" (e.g., "Sample - Date Format Functions.aml") and have no Site name prefix.

The following steps reflect default paths. After completion, any new Site created will no longer be provisioned with a duplicate copy of the Sample files.

1. In Windows Explorer, go to C:\ProgramData\Globalscape\EFT Enterprise\AWE.
2. Select all of the Sample task files (Press CTRL+X or right click + Cut).
3. Create a new subfolder called "Samples": C:\ProgramData\Globalscape\EFT Enterprise\AWE\Samples.
4. Paste the previously cut Sample task files into that subfolder.

2) CLEANUP PREVIOUS UNNEEDED SAMPLES

For any existing Site(s) within EFT there is a collection of Sample AWE tasks for you to use as templates/examples for your own tasks. If those tasks are not in use and you want to remove them, it is recommended to remove them from within the EFT administration tool, not in Windows Explorer. (However, there is no harm in leaving them there, in case you want to use one of them as a template later on.)

1. On the Server tab, under the applicable Site (e.g. “MySite”), expand the Advanced Workflows node.
2. Click to select the specific Advanced Workflow task to remove.
3. In the right pane, click Remove.
4. In the confirmation prompt that appears, click Yes. The workflow task is removed.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• Mail Express version 4.x

DISCUSSION

Deploying the Outlook Add-In for Mail Express is generally straightforward in typical workstation deployments. Installation size is minimal and has no significant effect on the desktop or laptop of a given employee. However, when the workstations are virtual desktops centrally hosted, such as on a Citrix or Terminal Server implementation, all of the installations are being done against a single storage source under which all the desktops are supported, and the total storage can add up. The effect varies based on the number of installations across the number of Terminal Servers in the farm and how constrained storage resources might be. 250 installations might not be significant, but venturing into the thousands probably would.

General information on installation in such an environment is already covered in the Mail Express documentation, including any special steps that might be necessary for such multiuser environments, as well as considerations such as establishing maintenance windows in which running Outlook instances are terminated while the add-ins are installed.

Installing to mapped drives is unreliable and not recommended. Instead, you can allow the operating system to establish what appears to be a local folder that still addresses the actual remote UNC path to which a mapped drive would have been established. Below we will discuss how to leverage symbolic links (symlinks) to direct all installations across all Terminal Servers in the farm to a specific centralized network storage source.

NOTES

1. Ensure the user account has appropriate full access to the target UNC path, both through the share itself as well as the local file and folder permissions within the share, either individually or via group membership.
2. These steps may be automated for deployment in whatever manner your organization prefers, as there are many solutions for rolling out software and other configuration in an automated fashion. Mail Express does not explicitly exclude any of the many options nor makes special provisions for any vender-specific proprietary technologies.
3. Globalscape does not generally maintain in-depth documentation for exclusively third-party functions such as features across the many versions of Microsoft Windows. Please refer to the third party’s documentation, or search the web for applicable solutions as desired. See http://stackoverflow.com/questions/33009154/create-symlink-with-gpo for example, which may be more helpful to some customers than to others.

DIRECTIONS

1. Create a symlink within the user’s environment that targets the desired UNC path. For example, for a user with the username of Eric, and a file server with the host name of files.example.com, within that user’s logged-in session you could run a Command Prompt (as an Administrator, if required by UAC configuration) and input a command line like the following, with no line breaks: mklink /d "C:\Users\Eric\AppData\Roaming\GlobalSCAPE\test" \\files.example.com\Share\Example
2. In that user’s interactive session, run the installer. See product documentation for information on leveraging a parameterized silent installer if desired.
3. When prompted to provide the install location, base it in the local path of the symlink created in the first step. For example:
4. When prompted to provide the file store location, again base it in the local path of the symlink created in the first step. For example:

When the installation is completed, and upon launching Outlook, the Mail Express Outlook Add-In will reference and leverage that local path, which is targeting the desired UNC path behind the scenes of the operating system.

With this setup, Mail Express customers have been successful in minimizing the effects on storage utilization of large numbers of users on virtual desktops across multiple Terminal Servers.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• EFT, version 7 and later

QUESTION

Can I export a list of all of the IP addresses available on EFT?

ANSWER

Yes. Using an Advanced Workflow Engine (AWE) task with a script action, you can export a list of the IP addresses on EFT to a file.

MORE INFORMATION

An example of such an AWE task is copied below.

To import the workflow

1. Paste the code below into a text file.
2. Save the file named with the Site name, an underscore, and then the task a name, such as"MySite_GetCurrentIPAddressCSV" with the extension of .aml.
3. Import the file into AWE using the Import button, as described in Importing Workflows in the AWE help documentation.
   After you import the workflow, it will appear in the Advanced Workflows node of the tree.
4. Create an Event Rule, such as a Timer rule, and add the Execute Advanced Workflow Action.
5. Click the Advanced Workflow Action in the Rule Builder. The Advanced Workflow dialog box appears.
6. In the Advanced Workflow dialog box of the Event Rule, select the new AWE task to add it to the Event Rule.
   The Event Rule will look similar to the one below (which, in this example, is in an active-active cluster). You can then add follow-on actions, such as an email notification.
   Note that if you are creating this rule for an HA environment, you must define the node the rule is to run on, and a backup default node.

Copy and paste the code below into a TXT file, then save it with an AML extension and import it into EFT.
<AMTASK>
<AMTASKHEAD>
    <TASKINFO TASKVERSION="8090" />
</AMTASKHEAD>
<AMFUNCTION NAME="Main" RETURNTYPE="variable">
<!-- Collect a list of IPs and create a CSV list -->
<AMSCRIPT>Function GetCurrentIPAddressCSV As String
    strComputer = &quot;.&quot;
    Set objWMIService = GetObject(&quot;winmgmts:\\&quot; &amp; strComputer &amp; &quot;\root\cimv2&quot;)
    Set ipConfigSet = objWMIService.ExecQuery (&quot;SELECT IPAddress FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled='True'&quot;)
    ipCSVString = Null
    For Each ipConfig In ipConfigSet
        If Not IsNull(ipConfig.IPAddress) Then
            For i = LBound(ipConfig.IPAddress) To UBound(ipConfig.IPAddress)
                If Not InStr(ipConfig.IPAddress(i), &quot;:&quot;) &gt; 0 Then
                    If Not IsNull(ipCSVString) Then
                        ipCSVString = ipCSVString &amp; &quot;,&quot; &amp;  ipConfig.IPAddress(i)
                    Else
                        ipCSVString = ipConfig.IPAddress(i)
                    End If
                End If
            Next
        End If
    Next
    GetCurrentIPAddressCSV = ipCSVString
End Function
'Sub Main
'    returnVal = GetCurrentIPAddress()
'End Sub
</AMSCRIPT>
<AMVARIABLE NAME="ipAddressCSVList">%GetCurrentIPAddressCSV()%</AMVARIABLE>
<AMFILEWRITE FILE="C:\temp\IPList.csv">%ipAddressCSVList%</AMFILEWRITE>
</AMFUNCTION>
</AMTASK>

In the line that defines the location and name of file to write to, "<AMFILEWRITE FILE" you can save it to any location and name it whatever you want, as long as EFT can write there.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• Secure FTP Server v3.x
• EFT v6 and later
• EFT v7 and later

Refer to http://kb.globalscape.com/KnowledgebaseArticle10666.aspx for details of migrating a Secure FTP Server 3.3.10 configuration to a new server running EFT v6, which includes all Event Rules, user accounts, keys, and so on.

DISCUSSION

To update a Secure FTP Server 3 ODBC user database to work with EFT Server 6 and 7, you will need to add the SETTINGSLEVEL field to the FTPSERVER_USERS table, as described below.

1. In the EFT administration interface, on the Site's General tab, locate the ODBC user database name.
2. Open SQL Server Management Studio (or Oracle equivalent).
3. Log into the SQL Server Management Studio using an account that is at least a DB Owner for the ODBC user account database (for Oracle, use schema owner).
4. Do one of the following:

• For a SQL, in SQL Server Management Studio, execute the following commands upgrade the database:

USE [ODBC database name]

GO

ALTER TABLE FTPSERVER_USERS

ADD SETTINGSLEVEL VARCHAR(200) NULL

GO

• For Oracle, execute the following commands in the Oracle database console against the ODBC user database:

ALTER TABLE FTPSERVER_USERS

ADD SETTINGSLEVEL VARCHAR2(200);

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• EFT, v6 and later

SYMPTOM

When importing users using EFT Sync Tool, I see an MX 7 error.

WORKAROUND

EFT has user security settings to Enforce strong passwords and Force users to change their first-time password Immediately upon first use. These password features are good for secure daily operations; however, they should not be used during a SYNC or IMPORT function using EFT Sync Tool. Before importing users, you need to disable those features.

To disable those settings

1. In the administration interface, on the Site's Security tab, clear the check boxes for Enforce strong passwords and Force users to change their first-time password Immediately upon first use.
2. Click Apply to save the changes. The setting will be inherited by all Settings Templates and user accounts on the Site.

At some point after importing users into EFT, you can enable those settings again by selecting the check boxes, and then clicking Apply. Users will be forced to change their passwords the next time they log in and to create a password that meets your complexity settings. For example, you could wait to enable the settings 90 days after going live on the new EFT system and warn users that you will start to enforce this and other security features related to their accounts.

MORE INFORMATION

Why do these settings cause errors when importing users?

• Using the EFT Sync tool is an administration change to the EFT via the COM API. This is the same thing as the administrator running the Create New User wizard in the administration interface. Because of the design, they both would require the user to change their password on first-time use.
• To get around this, disabling this feature would allow users to retain the password for a specific time until the administrator needs to enforce this option.
• Because of the behavior explained before, the "enforce password" setting may cause a problem with logging in, because the previous passwords used on the OLDER version of EFT may not be complex enough to meet the new security requirements. Disabling this setting allows you to import the old non-complex passwords so that you do not create a problem when users log in to the new EFT system.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• EFT v7.2 and later

DISCUSSION

The Web Transfer Client (WTC) for EFT provides an intuitive and full-featured web interface for human users to interact easily and securely with EFT without requiring any kind of new software installation, requiring only a browser. One of the many functions of the WTC is to verify the integrity of files uploaded to EFT by comparing the unique fingerprint of the file received by the server with that of the original file on the client’s system, using a CRC32 checksum. This is often desirable and eliminates any possible doubt in regard to potential problems during a transfer, such as data corruption.

But file integrity verification also takes time and system resources to verify each file uploaded, especially noticeable for very large files. Additionally, automated processes on the server side that make changes to the file or its location (encrypt, decrypt, move, etc) prevent the WTC verification from succeeding, because the file will no longer be in its original form in its original location on the server, and in the WTC the upload will be flagged with a CRC error. This error notation could cause the user to be unnecessarily concerned that there has been a problem, when in reality it’s simply an indicator that the automated processes have taken over successfully.

If for these reasons or others an administrator of EFT wants to disable file integrity verification, it is a fairly simple process, changing a single value in a configuration file from “true” to “false” within the context of EFT’s WTC customization mechanisms.

When upgrading EFT, the \web\custom\ and \web\public\ folders are backed up and renamed with the date and time. The new versions of the files may have some updated content, so rather than overwriting the new files with your old files, you should manually copy your customizations to the new files after upgrading. The best practice is to have only customized files in the \web\custom\ folder and to leave the default files unmodified in the \web\public\ folder. It is not necessary to restart the Site or Server to see your changes, but you will have to refresh or close and reopen your browser.

To disable CRC in WTC

1. On the EFT computer, use Windows Explorer to browse to the installation directory, which is by default:

C:\Program Files (x86)\Globalscape\EFT Server Enterprise

2. Under \web\custom\, create the folder structure \EFTClient\jument\scripts\.
3. In \web\public\EFTClient\jument\scripts\, copy the file adminConfig.js and paste it into the new \scripts\ folder.

(Or, to affect only users of a specific Site within EFT, refer to "Rebranding (Customizing) the Web Transfer Client" in the EFT help documentation. Refer to http://help.globalscape.com/help/index.html find help for your version of EFT.)

4. Open the pasted file in a text editor such as Notepad and look for the line:gsb.config.crcVerifications = true;
5. Change the value “true” to “false” so that it reads: gsb.config.crcVerifications = false;
6. Save your changes.
7. Clear your browser cache and then log into the Web Transfer Client, upload a file, and look for the "verifying" step. If the change has been successful, the verifying step will be skipped upon completion of the upload.

Note that it is recommended that any connecting users on that Site clear their browser cache to force the newly modified adminConfig.js file to be downloaded to their browser.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• EFT, version 7.2 and later

QUESTION

Can I prevent LDAP users from loaded into EFT until they log in?

ANSWER

Create registry setting below to specify whether to load whole LDAP user database into EFT at once or to pull users one-by-one after successful logins.

HKEY_LOCAL_MACHINE\Software\Wow6432Node\GlobalSCAPE Inc.\EFT Server 7.0\

Name: IgnoreNeverLoggedInLDAPUsers

Type: BOOL

Values: 0 = load all users (default); 1 = pull users one at a time as they log in

Cached: yes

Backup/Restore: yes

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• EFT v7.2 and later

DISCUSSION

The following registry setting can be used to set the OpenPGP cipher algorithm.

Acceptable values are "CAST5", "3DES", "AES256", "AES192", "AES128", "BLOWFISH", "TWOFISH", and "IDEA". The string values ARE case-insensitive. PGPEncryptingAlgorithm string registry value is reset only if AutoSelectPGPCiphers is set to 0. When set to 0, it will turn off auto-select ciphers. When AutoSelectPGPCiphers is 0 defaults to AES128.

HKEY_LOCAL_MACHINE\Software\WOW6432Node\GlobalSCAPE Inc.\EFT Server 7.2\

 PGPEncryptingAlgorithm

Type: TEXT

Default Value: CAST5

Cached: yes

Backup/Restore: yes

AutoSelectPGPCiphers

Description: Enables or disables auto-select PGP ciphers.

Type: bool

Default Value: 1

Cached: yes

Backup/Restore: yes

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• EFT, version 7.2.1 and later

SYMPTOM

EFT logs "MAC check failed" error when connecting to TIBCO Internet Server 7.3.1 using HMAC512.

RESOLUTION

This is not an EFT issue, but an issue with the TIBCO implementation of the SHA2-HMAC-512 algorithm.

To resolve this issue, apply the TIBCO hot fix 7.3.1HF3, which you can request from TIBCO support.

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• EFT v6 and later

DISCUSSION

Google has issued an "Intent to Deprecate and Remove" trust in existing Symantec-issued Certificates, requiring that, over time, they be replaced with new, fully revalidated certificates. All newly-issued certificates must have validity periods of no greater than 9 months (279 days) to be trusted in Google Chrome version 61 and later. All Symantec-issued certificates are affected, including GeoTrust and Thawte, which are CAs operated by Symantec. Therefore, in the future, if EFT uses a Symantec-issued certificate, Google Chrome will not trust it. According to Google, "Assessing the compatibility risk with both Edge and Safari is difficult, because neither Microsoft nor Apple communicate publicly about their changes in trust prior to enacting them."

Refer to the following web pages for details of this issue:

• Google forum post: https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/eUAKwjihhBs/rpxMXjZHCQAJ

• Symantec's response: https://www.symantec.com/connect/blogs/symantec-backs-its-ca