OKM upgrade error: Failed to verify the signatures of the image
Applies to
- ONTAP 9.7 and higher
- Software image download
- Onboard Key Manager (OKM) with Common Criteria (CC) mode enabled, which requires the user to enter the passphrase each time a node reboots
Issue
ONTAP image download on a cluster with OKM in CC-mode may encounter the following error:
CLI Error Message
Failed to verify the signatures of the image. The image may have been corrupted. Replace the image, and then try the command again., Action: Use the "cluster show" command to verify that all nodes in the cluster are healthy. Use the "cluster image package show-repository" command to verify that the downloaded image has the correct version. If all nodes are healthy and the image has the correct version, wait a few minutes, and then use the "cluster image resume-update" command to resume the update.
Example:
system node image update -replace image2 -node netappnode0* -package http://Web_server/97P5_q_image.tgz -setdefault true
Warning: The recommended best-practice is to use the automated non-disruptive update procedure if you are attempting an upgrade or a minor version downgrade. Refer to the Clustered Data ONTAP Upgrade and Revert/Downgrade Guide for details.
Do you want to continue? {y|n}: y
Software update started on node netappnode01-dr. Updating image2 with package http://.../97P5_q_image.tgz.
Downloading package. This may take up to 20 minutes.
98% downloaded
Download complete.
Listing package contents.
Decompressing package contents.
Verifying package signature.
Install Failed. Failed to verify the signatures of the image. The image may have been corrupted. Replace the image, and then try the command again.
Error: command failed on node "netappnode01-dr": Install Failed. Failed to verify the signatures of the image. The image may have been corrupted. Replace the image, and then try the command again.
EMS Log
[NETAPP-01: mgwd: image.install.fail.sign:alert]: "Image installation fail: Image digital signature check failed."
[NETAPP-01: notifyd: callhome.andu.pausederr:alert]: params: {'epoch': 'f24b1cd8-14dc-4292-80a5-d45814451e92', 'subject': 'AUTOMATED NDU PAUSED'}
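
Added example, not NetApp code: a small parser for EMS lines in the bracketed format shown above that reports, per node, how many image signature checks failed and whether the automated update paused. The two NETAPP-01 lines are taken from this page; the NETAPP-02 node, the timestamp prefix and the `example.unrelated.event` name are constructed for illustration.

```python
import ast
import re
from collections import defaultdict

# EMS line shape as shown on this page: [NODE: process: event.name:severity]: message
EMS_RE = re.compile(
    r"\[(?P<node>[^:\]]+):\s*(?P<proc>[^:\]]+):\s*"
    r"(?P<event>[\w.]+):(?P<sev>\w+)\]:\s*(?P<msg>.*)$"
)
SIGN_FAIL = "image.install.fail.sign"
NDU_PAUSED = "callhome.andu.pausederr"

def parse_ems(line):
    """Return a dict for one EMS line, or None if the line does not match."""
    m = EMS_RE.search(line)  # search() tolerates a leading timestamp prefix
    if not m:
        return None
    ev = m.groupdict()
    ev["params"] = {}
    # callhome events carry "params: {...}" written as a Python-style dict literal
    if ev["msg"].startswith("params:"):
        try:
            ev["params"] = ast.literal_eval(ev["msg"][len("params:"):].strip())
        except (ValueError, SyntaxError):
            pass  # malformed params: keep the raw message only
    return ev

def summarize(lines):
    """Per node: count signature-check failures and note a paused automated update."""
    out = defaultdict(lambda: {"sign_failures": 0, "ndu_paused": False})
    for ev in filter(None, map(parse_ems, lines)):
        if ev["event"] == SIGN_FAIL:
            out[ev["node"]]["sign_failures"] += 1
        elif ev["event"] == NDU_PAUSED:
            out[ev["node"]]["ndu_paused"] = True
    return dict(out)

# Constructed sample: lines 1-2 are from this page, the rest are invented test input
SAMPLE = [
    '[NETAPP-01: mgwd: image.install.fail.sign:alert]: "Image installation fail: Image digital signature check failed."',
    "[NETAPP-01: notifyd: callhome.andu.pausederr:alert]: params: {'epoch': 'f24b1cd8-14dc-4292-80a5-d45814451e92', 'subject': 'AUTOMATED NDU PAUSED'}",
    '2000-01-01 00:00:00 [NETAPP-02: mgwd: image.install.fail.sign:alert]: "Image installation fail: Image digital signature check failed."',
    '[NETAPP-02: mgwd: example.unrelated.event:info]: "constructed noise line"',
    "not an EMS line",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A node that logs the signature failure without a matching paused-update event, like the constructed NETAPP-02 here, failed outside the automated update workflow, as in the manual `system node image update` run shown in the example above.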