.svg){kind=logo}
It is recommended to verify the integrity of the downloaded Unified Agent’s JAR file per each release. The following two options are available:
-
Checksum verification
Calculate the SHA-256 checksum of the Unified Agent’s JAR file and compare it to the published checksum file (in GitHub or S3). -
Signature verification
Use the JarSigner tool to verify the signature of the Unified Agent's JAR file and ensure that it originated from mend. Do as follows:-
Download JarSigner (there are multiple sources from where the utility can be downloaded).
-
From the command line, enter the following command to run JarSigner and view the list of security certificates in the JAR file:
jarsigner -verify -verbose <UA jar>
-
After running, ensure that the Mend information appears in the list of security certificates.