Control Compliance Suite (CCS)

The ‘Automatic Update Install’ job fails for CCS version 12.5.1 and 12.5.2 with error message on CCS Console.

A new signing certificate will be used for all CCS files signed after March 2021. Any updates / QF released after this date will require an updated ‘Symantec.CSM.AssemblyVerifier.dll’. This file contains the updated CCS certificate information necessary to validate the certificate for newly released files.

Digital signature verification failed for Update on Application Server (host = Hostname)

Digital signature verification failed for Patch Assessment Content Update on Application Server (host = hostname).

CCS v12.5.1 and 12.5.2 Application Server/Console
CCS v12.5.1 and 12.5.2 Managers

IMPORTANT NOTE: Starting in SCU 2021-1, the Assembly Verifier files are now included in the SCU release, and are applied automatically when you apply SCU 2021-1 or newer SCU releases on the Application Server and remote managers.

UPDATED February 25th, 2021 for manual installation only

To resolve this issue, apply the following Hotfix 10129 before you install any CCS product or content update.

• The following Hotfix (HF) package is available for CCS 12.5, 12.5.1 and for 12.5.2:

HF_10129_CCS_v12.5.1_RU.zip

NOTE: For steps to apply this Hotfix, refer to the ReadMe_HF_10129_CCS_12.5.1.pdf document that is included in the HF_10129_CCS_v12.5.1_RU.zip package in the Download Files section of this KB article.

Hotfix 10129 File Information:

HF_10129_CCS_v12.5.1_RU_FEB162021.zip

MD5: a704954cd7990611c9b0c3d20dea2c69

SHA1: 04b3ffe33d000a2aa37757efe05ee0a44042ae2a

Symantec.CSM.AssemblyVerifier.dll

MD5: 1abfd755e4d790bac2d2053fdc5289b6

SHA1: e49488962a4ee980fce0e2b28341db19ee2e6dc2

symantec.csm.assemblyverifier.x64.dll

MD5: c1a379c5bdc2449ba9df1e939100f60e

SHA1: 35631b1c6bdb4b6fb5668884910f723b9b429860

symantec.csm.assemblyverifier.x86.dll

MD5: 7b720bb5bc4237a8b547329473a02652

SHA1: 26ae15b293eb51e55286c210707e8017a618d550

Deprecated Assembly Verifiers for CCS versions that are no longer supported (CCS versions 11.x, 11.5.x, 12.0, 12.0.1):

End of Support Information:

https://support.broadcom.com/external/content/product-advisories/End-of-Life-and-End-of-Service-dates-for-Control-Compliance-Suite/16154

• The following QF package is available for CCS 11.x:

CCS_ReportingAnalytics_v11.5.2_10749_28902_QF.zip

For steps to apply this QF, refer to the Readme_CCS_Reporting&Analytics_v11.5.2_10749_28902_QF document that is included in the CCS_ReportingAnalytics_v11.5.2_10749_28902_QF.zip package in the Download Files section.

Note:  QF 10749 contains the latest Symantec.CSM.AssemblyVerifier.dll for CCS 11.x. QF 10749 replaces QF 10731, which was available in this tech article earlier.

• The following QF package is available for CCS 12.0 and 12.0.1:

CCS_ReportingAnalytics_v12.0.1_10142_28905_QF.zip

For steps to apply this QF, refer to the Readme_CCS_ReportingAnalytics_v12.0.1_10142_28905_QF document that is included in the CCS_ReportingAnalytics_v12.0.1_10142_28905_QF.zip package in the Download Files section.

Note:  QF 10142 contains the latest Symantec.CSM.AssemblyVerifier.dll for CCS 12.0 and CCS 12.0.1. QF 10142 replaces QF 10104, which was available in this tech article earlier.