Manual ONTAP upgrade results in signature verification failure
Applies to
- ONTAP 9
- Manual Non Disruptive Upgrade (NDU)
- Upgrading from ONTAP versions seen in the below list or earlier, to any ONTAP build released after the versions below
- 9.17.1
- 9.16.1P7
- 9.15.1P14
- 9.14.1P14
- 9.13.1P17
- 9.12.1P19
- 9.11.1P20
- 9.10.1P20
- 9.9.1P20
- 9.8P21
- 9.7P23
- 9.6P18
- 9.5P19
Issue
- Performing a manual ONTAP upgrade (via the
system node image
update
command) from an ONTAP version released prior to September 9th, 2025 to a release after this date will fail with a signature validation error
Note: For the vast majority of configurations, manual non-disruptive ONTAP Upgrades (NDU) are not best practice and should not be used to upgrade an ONTAP cluster. See Recommended ONTAP upgrade methods based on configuration for more information.
- All automated non-disruptive upgrade (ANDU) workflows (e.g., running "
cluster image update
" in the CLI or upgrading via System Manager), will automatically workaround this issue, and no other action is needed. - If a manual upgrade is attempted without performing the workaround in the "Solution" section of this article below, an error similar to the following will be returned:
Error: Failed to verify the signatures of the image. The image may have been corrupted. Replace the image, and then try the command again.
Action: Use the "cluster show" command to verify that all nodes in the cluster are healthy. Use the"cluster image package show-repository" command to verify that the downloaded image has the correct version. If all nodes are healthy and the image has the correct version, wait a few minutes, and then use the "cluster image resume-update" command to resume the update.