Manual ONTAP upgrade results in signature verification failure
Applies to
- ONTAP 9
- Manual Non-Disruptive Upgrade (NDU)
- Upgrading to ONTAP versions in the below list or later (released after September 9th 2025)
- 9.17.1P1
- 9.16.1P8
- 9.15.1P15
- 9.14.1P15
- 9.13.1P18
- 9.12.1P20
Issue
|
WARNING A direct upgrade from 9.8 or 9.9.1 (either manually or via automated non-disruptive update) to ONTAP builds released after September 9th, 2025 is not possible, and a multi-stage upgrade is required. This is required as the workaround command listed in this KB is unavailable prior to 9.10.1. See ONTAP upgrade validation check fails due to TSA Certificate Error for required steps to upgrade. |
- Performing a manual ONTAP upgrade (via the
system node imageupdatecommand) to a version released after September 9th, 2025 will fail with a signature validation error.
Note: For the vast majority of configurations, manual non-disruptive ONTAP Upgrades (NDU) are not best practice and should not be used to upgrade an ONTAP cluster. See Recommended ONTAP upgrade methods based on configuration for more information.
- All automated non-disruptive upgrade (ANDU) workflows (e.g., running "
cluster image update" in the CLI or upgrading via ONTAP System Manager), will automatically work around this issue -- no other action is needed. - If a manual upgrade is attempted without performing the workaround in the "Solution" section of this article below, an error similar to the following will be returned:
Error: Failed to verify the signatures of the image. The image might have been corrupted. Replace the image, and then try the command again.