Validating the installer ISO file

Last Updated : Oct 03, 2023 |

About this task

Use this procedure to validate the Session Manager installer ISO, which is signed using Avaya File Signing Authority (AFSA). For a software-only installation, you must validate the ISO manually. You can also validate ISO by checking the checksum on the image and by comparing the values provided on PLDS.

Before you begin

Download the Avaya Product Root CA, for example, AvayaRootCert.pem, and add Root CA to the Session Manager trusted list. To create the file AvayaRootCert.pem, use the file present in the Appendix B Avaya root certificate section of this document.

For more information on adding Root CA to the Session Manager trusted list, see Administering Avaya Aura® Session Manager.

Procedure

  1. Run the following command to mount the installer ISO: 
    mount -o loop,ro Session_Manager_10.2.0.0.*.iso /mnt
  2. Run the following command to validate the certificate file by using the root CA: 
    openssl verify -CAfile <directory_name>/AvayaRootCert.pem /mnt/SM-10.2.0.0.*.cert
  3. Run the following command to extract the public key: 
    openssl x509 -in /mnt/SM-10.2.0.0.*.cert -pubkey -noout > /tmp/key
  4. Run the following command to check the signature of the manifest file: 
    openssl dgst -sha256 -verify /tmp/key -signature /mnt/*.cert /mnt/SM-10.2.0.0.*.mf

    This command must return Verified OK.

  5. Run the following command to validate manifest files: 
    cd /mnt
sha256sum -c SM-10.2.0.0.*.mf

    After you run the command, an output of OK indicates that the ISO file is signed and verified.

Related information
Avaya root certificate