Verifying latest fix pack downloads

To verify that your IBM Fix Central software download is valid and has been signed by IBM, follow these steps.

Before you begin

Install OpenSSL. For more information, see www.openssl.org external icon.

Procedure

  1. To access the signature and public key files, unzip the download package.
  2. Run the following openssl command using the signature and public key files:
    openssl dgst -sha256 -verify <public_key_file_name> -signature <signature_file_name> <file_to_sign>
    Where:
    • <public_key_file_name> is the public key file name, for example noi-public-key.pem
    • <signature_file_name> is the signature file name, for example test.zip.sig
    • <file_to_sign> is the file to be signed, for example test.zip
    If the file has been signed by IBM, the openssl command returns:
    Verified OK
  3. To verify that the certificate used to sign your download is valid and verify its ownership by IBM, run the following command:
    openssl x509 -inform pem -in <OCSP_public_key_name> -noout -subject -issuer -startdate -enddate
    Where <OCSP_public_key_name> is the Online Certificate Status Protocol (OCSP) public key name, for example noi-public-key-ocsp.
    This command shares the certificate issuer, owner, and certificate validity dates.
  4. To verify with the Digicert Certificate Authority whether the certificate is still valid, run the following command:
    openssl ocsp -no_nonce -issuer <OCSP_chain_public_key_name> -cert <OSCP_public_key_name> -VAfile <OCSP_chain_public_key_name> -text -url http://ocsp.digicert.com -respout ocsptest
    Where <OCSP_chain_public_key_name> is the chained OCSP public key name, for example noi-public-key-ocsp-intermediate.
    This command connects to the Digicert Certificate Authority and verifies whether the certificate used to create the keys is still valid and in good standing.