Manual ONTAP upgrade results in signature verification failure

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: core

Last Updated:

Applies to

ONTAP 9
Manual Non Disruptive Upgrade (NDU)
Upgrading from ONTAP versions seen in the below list or earlier, to any ONTAP build released after the versions below
9.17.1
9.16.1P7
9.15.1P14
9.14.1P14
9.13.1P17
9.12.1P19
9.11.1P20
9.10.1P20
9.9.1P20
9.8P21
9.7P23
9.6P18
9.5P19

Issue

Performing a manual ONTAP upgrade (via the system node image update command) from an ONTAP version released prior to September 9th, 2025 to a release after this date will fail with a signature validation error

Note: For the vast majority of configurations, manual non-disruptive ONTAP Upgrades (NDU) are not best practice and should not be used to upgrade an ONTAP cluster. See Recommended ONTAP upgrade methods based on configuration for more information.

All automated non-disruptive upgrade (ANDU) workflows (e.g., running "cluster image update" in the CLI or upgrading via System Manager), will automatically workaround this issue, and no other action is needed.
If a manual upgrade is attempted without performing the workaround in the "Solution" section of this article below, an error similar to the following will be returned:

Error: Failed to verify the signatures of the image. The image may have been corrupted. Replace the image, and then try the command again. Action: Use the "cluster show" command to verify that all nodes in the cluster are healthy. Use the"cluster image package show-repository" command to verify that the downloaded image has the correct version. If all nodes are healthy and the image has the correct version, wait a few minutes, and then use the "cluster image resume-update" command to resume the update.