Skip to main content

Manually verify installation files (optional)

Contributors netapp-lhalbert netapp-pcarriga
PDFs

If necessary, you can manually verify the files in the StorageGRID installation archive.

Before you begin

You have downloaded the verification package from the NetApp Downloads page for StorageGRID.

Steps

  1. Extract the artifacts from the verification package:

    tar -xf StorageGRID_11.9.0_Code_Signature_Verification_Package.tar.gz

  2. Ensure that these artifacts were extracted:

    • Leaf certificate: Leaf-Cert.pem

    • Certificate chain: CA-Int-Cert.pem

    • Time stamp response chain: TS-Cert.pem

    • Checksum file: sha256sum

    • Checksum signature: sha256sum.sig

    • Time stamp response file: sha256sum.sig.tsr

  3. Use the chain to verify the leaf certificate is valid.

    Example: openssl verify -CAfile CA-Int-Cert.pem Leaf-Cert.pem

    Expected output: Leaf-Cert.pem: OK

  4. If step 2 failed because of an expired leaf certificate, use the tsr file to verify.

    Example: openssl ts -CAfile CA-Int-Cert.pem -untrusted TS-Cert.pem -verify -data sha256sum.sig -in sha256sum.sig.tsr

    Expected output includes: Verification: OK

  5. Create a public key file from the leaf certificate.

    Example: openssl x509 -pubkey -noout -in Leaf-Cert.pem > Leaf-Cert.pub

    Expected output: none

  6. Use the public key to verify the sha256sum file against sha256sum.sig.

    Example: openssl dgst -sha256 -verify Leaf-Cert.pub -signature sha256sum.sig sha256sum

    Expected output: Verified OK

  7. Verify the sha256sum file content against newly created checksums.

    Example: sha256sum -c sha256sum

    Expected output: <filename>: OK
    <filename> is the name of the archive file you downloaded.

  8. Complete the remaining steps to extract and choose the appropriate files from the installation archive.