To verify that your IBM® Fix Central software download is valid and has been signed by IBM, follow these steps.
Before you begin
Install OpenSSL. For more information, see www.openssl.org .
Procedure
-
To access the signature and public key files, unzip the download package.
- Run the following openssl command using the signature and public key
files:
openssl dgst -sha256 -verify <public_key_file_name> -signature <signature_file_name> <file_to_sign>
Where:
- <public_key_file_name> is the public key file name, for example
noi-public-key.pem
- <signature_file_name> is the signature file name, for example
test.zip.sig
- <file_to_sign> is the file to be signed, for example
test.zip
If the file has been signed by IBM, the
openssl command
returns:
Verified OK
- To verify that the certificate used to sign your download is valid and verify its ownership by IBM, run the following command:
openssl x509 -inform pem -in <OCSP_public_key_name> -noout -subject -issuer -startdate -enddate
Where
<OCSP_public_key_name> is the Online Certificate Status Protocol (OCSP) public
key name, for example
noi-public-key-ocsp
.
This command shares
the certificate issuer, owner, and certificate validity dates.
- To verify with the Digicert Certificate Authority whether the certificate is still valid,
run the following
command:
openssl ocsp -no_nonce -issuer <OCSP_chain_public_key_name> -cert <OSCP_public_key_name> -VAfile <OCSP_chain_public_key_name> -text -url http://ocsp.digicert.com -respout ocsptest
Where
<OCSP_chain_public_key_name> is the chained OCSP public key name, for example
noi-public-key-ocsp-intermediate
.
This command connects to the
Digicert Certificate Authority and verifies whether the certificate used to create the keys is still
valid and in good standing.