ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

The ‘Automatic Update Install’ job fails in CCS with error message: Digital signature verification failed

book

Article ID: 161715

calendar_today

Updated On:

Products

Control Compliance Suite Control Compliance Suite Standards Server

Issue/Introduction

Control Compliance Suite (CCS)

The ‘Automatic Update Install’ job fails for CCS version 12.5.1 and 12.5.2 with error message on CCS Console.

A new signing certificate will be used for all CCS files signed after March 2021. Any updates / QF released after this date will require an updated ‘Symantec.CSM.AssemblyVerifier.dll’. This file contains the updated CCS certificate information necessary to validate the certificate for newly released files.

Digital signature verification failed for Update on Application Server (host = Hostname)

Digital signature verification failed for Patch Assessment Content Update on Application Server (host = hostname).

 

Environment

CCS v12.5.1 and 12.5.2 Application Server/Console
CCS v12.5.1 and 12.5.2 Managers

Resolution

IMPORTANT NOTE: Starting in SCU 2021-1, the Assembly Verifier files are now included in the SCU release, and are applied automatically when you apply SCU 2021-1 or newer SCU releases on the Application Server and remote managers.

 

 

 

UPDATED February 25th, 2021 for manual installation only

To resolve this issue, apply the following Hotfix 10129 before you install any CCS product or content update.

  • The following Hotfix (HF) package is available for CCS 12.5, 12.5.1 and for 12.5.2:

HF_10129_CCS_v12.5.1_RU.zip

NOTE: For steps to apply this Hotfix, refer to the ReadMe_HF_10129_CCS_12.5.1.pdf document that is included in the HF_10129_CCS_v12.5.1_RU.zip package in the Download Files section of this KB article.

 

Hotfix 10129 File Information:

HF_10129_CCS_v12.5.1_RU_FEB162021.zip

MD5: a704954cd7990611c9b0c3d20dea2c69

SHA1: 04b3ffe33d000a2aa37757efe05ee0a44042ae2a

 

Symantec.CSM.AssemblyVerifier.dll

MD5: 1abfd755e4d790bac2d2053fdc5289b6

SHA1: e49488962a4ee980fce0e2b28341db19ee2e6dc2

 

symantec.csm.assemblyverifier.x64.dll

MD5: c1a379c5bdc2449ba9df1e939100f60e

SHA1: 35631b1c6bdb4b6fb5668884910f723b9b429860

 

symantec.csm.assemblyverifier.x86.dll

MD5: 7b720bb5bc4237a8b547329473a02652

SHA1: 26ae15b293eb51e55286c210707e8017a618d550

 

 

Deprecated Assembly Verifiers for CCS versions that are no longer supported (CCS versions 11.x, 11.5.x, 12.0, 12.0.1):

End of Support Information:

https://support.broadcom.com/external/content/product-advisories/End-of-Life-and-End-of-Service-dates-for-Control-Compliance-Suite/16154

 

  • The following QF package is available for CCS 11.x:

CCS_ReportingAnalytics_v11.5.2_10749_28902_QF.zip

For steps to apply this QF, refer to the Readme_CCS_Reporting&Analytics_v11.5.2_10749_28902_QF document that is included in the CCS_ReportingAnalytics_v11.5.2_10749_28902_QF.zip package in the Download Files section.

Note:  QF 10749 contains the latest Symantec.CSM.AssemblyVerifier.dll for CCS 11.x. QF 10749 replaces QF 10731, which was available in this tech article earlier.

CCS_ReportingAnalytics_v11.5.2_10749_28902_QF.zip
MD5 - 19a27473687e5ca56eb689aabbf585cb
SHA1 - d69c8568b272b797f3084282f0ac867cff414c16
 
Symantec.CSM.AssemblyVerifier.dll
MD5 - 9da7c6f2ff9b573fab9a8a1330368bb2
SHA1 - 9cfdac4a3c0f98bf75e08aa6906146a20c336772
 
symantec.csm.assemblyverifier.x64.dll
MD5 - 480e7fdb8e41a6ed38479b37b79235e7
SHA1 - aa74ce415a7bb4968c5f974950cdd48e8ea40a61
 
symantec.csm.assemblyverifier.x86.dll
MD5 - 3ffae4c5c6af72f3ed83b97f37e13750
SHA1 - a784e28d34cd65de78eb1b40caa3251e2d043c7b
 
 
  • The following QF package is available for CCS 12.0 and 12.0.1:

CCS_ReportingAnalytics_v12.0.1_10142_28905_QF.zip

For steps to apply this QF, refer to the Readme_CCS_ReportingAnalytics_v12.0.1_10142_28905_QF document that is included in the CCS_ReportingAnalytics_v12.0.1_10142_28905_QF.zip package in the Download Files section.

Note:  QF 10142 contains the latest Symantec.CSM.AssemblyVerifier.dll for CCS 12.0 and CCS 12.0.1. QF 10142 replaces QF 10104, which was available in this tech article earlier.

CCS_ReportingAnalytics_v12.0.1_10142_28905_QF.zip
MD5 - 9682b52baefeaf4d1f1cbf59b88c1f31
SHA1 - 1f26e25cf8c194fc108b4e8a24174e56fc44c418
 
Symantec.CSM.AssemblyVerifier.dll
MD5 - 7dc8d8aaa8b85d330c426bb063fcb2b8
SHA1 - 4a12207133ee23a9cc13a3026392e74d126ae382
 
symantec.csm.assemblyverifier.x64.dll
MD5 - 0d9c998ee93da58eb80fd4edeefc9038
SHA1 - c1f157d581b9aff890aa8c7ab5d97f3379261c2b
 
symantec.csm.assemblyverifier.x86.dll
MD5 - 608725c34cebbf94cd60bc031ce8bfd0
SHA1 - 43059a62de8ccccd4efbcb5315934435c4faad3a
 

 

 

 

Attachments

1614284922839__HF_10129_CCS_v12.5.1_RU_FEB162021.zip get_app
CCS_ReportingAnalytics_v12.0.1_10142_28905_QF.zip get_app
CCS_ReportingAnalytics_v11.5.2_10749_28902_QF.zip get_app