Verifying latest fix pack downloads
To verify that your IBM Fix Central software download is valid and has been signed by IBM, follow these steps.
Before you begin
Procedure
- To access the signature and public key files, unzip the download package.
- Run the following openssl command using the signature and public key
files:
Where:openssl dgst -sha256 -verify <public_key_file_name> -signature <signature_file_name> <file_to_sign>
- <public_key_file_name> is the public key file name, for example noi-public-key.pem
- <signature_file_name> is the signature file name, for example test.zip.sig
- <file_to_sign> is the file to be signed, for example test.zip
If the file has been signed by IBM, the openssl command returns:Verified OK
- To verify that the certificate used to sign your download is valid and verify its
ownership by IBM, run the following
command:
Where <OCSP_public_key_name> is the Online Certificate Status Protocol (OCSP) public key name, for exampleopenssl x509 -inform pem -in <OCSP_public_key_name> -noout -subject -issuer -startdate -enddate
noi-public-key-ocsp
.This command shares the certificate issuer, owner, and certificate validity dates. - To verify with the Digicert Certificate Authority whether the certificate is still valid,
run the following
command:
Where <OCSP_chain_public_key_name> is the chained OCSP public key name, for exampleopenssl ocsp -no_nonce -issuer <OCSP_chain_public_key_name> -cert <OSCP_public_key_name> -VAfile <OCSP_chain_public_key_name> -text -url http://ocsp.digicert.com -respout ocsptest
noi-public-key-ocsp-intermediate
.This command connects to the Digicert Certificate Authority and verifies whether the certificate used to create the keys is still valid and in good standing.