Verify the authenticity and integrity of the binary file by using the
show software authenticity file command. In the following example, taken from a Cisco 1900 Series Router, the command is used to verify the authenticity of
c1900-universalk9-mz.SPA.152-4.M2.bin on the system:
Router# show software authenticity file c1900-universalk9-mz.SPA.152-4.M2
File Name : c1900-universalk9-mz.SPA.152-4.M2
Image type : Production
Signer Information
Common Name : CiscoSystems
Organization Unit : C1900
Organization Name : CiscoSystems
Certificate Serial Number : 509AC949
Hash Algorithm : SHA512
Signature Algorithm : 2048-bit RSA
Key Version : A
In addition, administrators can use the
show software authenticity running
command to verify the authenticity of the image that is currently
booted and in use on the device. Administrators should verify that the
Certificate Serial Number value matches the value obtained by using the
show software authenticity file on the binary file. The following example shows the output of
show software authenticity running on a Cisco 1900 Series Router running the
c1900-universalk9-mz.SPA.152-4.M2 image.
Router# show software authenticity running
SYSTEM IMAGE
------------
Image type : Production
Signer Information
Common Name : CiscoSystems
Organization Unit : C1900
Organization Name : CiscoSystems
Certificate Serial Number : 509AC949
Hash Algorithm : SHA512
Signature Algorithm : 2048-bit RSA
Key Version : A
Verifier Information
Verifier Name : ROMMON 1
Verifier Version : System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
This example also shows that the Certificate Serial Number value,
509AC949, matches the one obtained with the previous example.
No comments:
Post a Comment
Thank you for your comment. Will try to react as soon as possible.
Regards,
Networ King