Validating the downloaded installers

The ZVDT installer supports the signing of the installer. With the signed installer, you can validate the completeness of the downloaded package by running a command with the signing certificates that are packaged in the installer.

The ZVDT installer file zvdt-install.tgz that you download from IBM® is a compressed file. This installer file contains the following multiple installers, and corresponding signature files.

zvdt-install: Install the web server, and the corresponding signature file is zvdt-install.sig.
zdt-license-server: Install the software-based license server, and the corresponding signature file is zdt-license-server.sig.

To validate the signature file for the installer, run the following command.

openssl dgst -sha256 -verify <PUBLICKEYNAME> -signature <signature_file> <FILETOSIGN>

For example, run the following command from the directory that contains the extracted installer files.

openssl dgst -sha256 -verify signature/public.pem -signature zvdt-install.sig zvdt-install

If the installation file is valid, you will receive the message of Verified OK.