Vulnerability Hotfixes:Signature verification failed | Support Center

Contact a Moderator

Question

4

Replies

1398

Views

Bharath.Suntigikar

Member since 2018

Capgemini

Posted: Jul 8, 2022

Last activity: Nov 17, 2023

Closed

Solved

Vulnerability Hotfixes:Signature verification failed

Report

As a part of "Pega Security Advisory - Apache Log4j - Vulnerability Hotfixes for Pega 8.6 "

When we tried to import using hot fix manager from UI, getting below error message

Signature verification failed for DL-7577_HF-54923.zip: Failed to verify signatures:

***Edited by Moderator: Pooja Gadige to add capability tag***

To see attachments, please log in.

Pega Platform 8.6

Case Management

Financial Services

Senior System Architect

Like (0)

Accepted Solution

Posted: 2 years ago

Updated: 2 years ago

Bharath.Suntigikar

Capgemini

replied to Bharath.Suntigikar

Report

@Bharath Suntigikar we also got same error while importing these hfixes.Set hotfixmanager/enableRevocation DSS to false and it will work.

To see attachments, please log in.

Likes (2)

Posted: 2 years ago

CelesteDufresne_GCS

PEGA

replied to Bharath.Suntigikar

Report

@Bharath.Suntigikar Setting this DSS is a workaround that disables a security feature in the product. It is not the correct solution to this environment hot fix installation issue.

To see attachments, please log in.

Likes (2)

Posted: 1 year ago

Subin Jerald

CGI

replied to CelesteDufresne_GCS

Report

Hi @CelesteDufresne_GCS - If setting up the DSS value is not the process as it disables the security feature, can you please suggest the right steps to be followed for the same.

To see attachments, please log in.

Like (0)

Posted: 1 year ago

trina_r

TD

replied to Subin Jerald

Report

@Subin Jerald https://docs.pega.com/bundle/platform/page/platform/deployment/hotfixes-verify-authenticity.html this mentions different ways to solve this problem. One of them is of course to set the DSS to false

To see attachments, please log in.

Like (0)