Verifying latest fix pack downloads
To verify that your IBM® Fix Central software download is valid and has been signed by IBM, follow these steps.
Install OpenSSL. For more information, see www.openssl.org .
Before you begin
- To access the signature and public key files, unzip the download package.
- Run the following openssl command using the signature and public key
openssl dgst -sha256 -verify <public_key_file_name> -signature <signature_file_name> <file_to_sign>
If the file has been signed by IBM, the openssl command returns:
- <public_key_file_name> is the public key file name, for example noi-public-key.pem
- <signature_file_name> is the signature file name, for example test.zip.sig
- <file_to_sign> is the file to be signed, for example test.zip
- To verify that the certificate used to sign your download is valid and verify its ownership by IBM, run the following command:
Where <OCSP_public_key_name> is the Online Certificate Status Protocol (OCSP) public key name, for example
openssl x509 -inform pem -in <OCSP_public_key_name> -noout -subject -issuer -startdate -enddate
noi-public-key-ocsp.This command shares the certificate issuer, owner, and certificate validity dates.
- To verify with the Digicert Certificate Authority whether the certificate is still valid,
run the following
Where <OCSP_chain_public_key_name> is the chained OCSP public key name, for example
openssl ocsp -no_nonce -issuer <OCSP_chain_public_key_name> -cert <OSCP_public_key_name> -VAfile <OCSP_chain_public_key_name> -text -url http://ocsp.digicert.com -respout ocsptest
noi-public-key-ocsp-intermediate.This command connects to the Digicert Certificate Authority and verifies whether the certificate used to create the keys is still valid and in good standing.