Skip to main content

Manually verify installation files (optional)

Contributors netapp-lhalbert netapp-pcarriga

If necessary, you can manually verify the files in the StorageGRID installation archive.

Steps
  1. Extract the artifacts from the verification package:

    tar -xf StorageGRID_11.9.0_Code_Signature_Verification_Package.tar.gz

  2. Ensure that these artifacts were extracted:

    • Leaf certificate: Leaf-Cert.pem

    • Certificate chain: CA-Int-Cert.pem

    • Time stamp response chain: TS-Cert.pem

    • Checksum file: sha256sum

    • Checksum signature: sha256sum.sig

    • Time stamp response file: sha256sum.sig.tsr

  3. Use the chain to verify the leaf certificate is valid.

    Example: openssl verify -CAfile CA-Int-Cert.pem Leaf-Cert.pem

    Expected output: Leaf-Cert.pem: OK

  4. If step 2 failed because of an expired leaf certificate, use the tsr file to verify.

    Example: openssl ts -CAfile CA-Int-Cert.pem -untrusted TS-Cert.pem -verify -data sha256sum.sig -in sha256sum.sig.tsr

    Expected output includes: Verification: OK

  5. Create a public key file from the leaf certificate.

    Example: openssl x509 -pubkey -noout -in Leaf-Cert.pem > Leaf-Cert.pub

    Expected output: none

  6. Use the public key to verify the sha256sum file against sha256sum.sig.

    Example: openssl dgst -sha256 -verify Leaf-Cert.pub -signature sha256sum.sig sha256sum

    Expected output: Verified OK

  7. Verify the sha256sum file content against newly created checksums.

    Example: sha256sum -c sha256sum

    Expected output: <filename>: OK
    <filename> is the name of the archive file you downloaded.

  8. Complete the remaining steps to extract and choose the appropriate files from the installation archive.