Solving error during CF update: Failed Signature Verification

November 1, 2019
ColdFusion troubleshooter
Legend 57 posts
Followers: 51 people
0

Solving error during CF update: Failed Signature Verification

ColdFusion troubleshooter
Legend 57 posts
Followers: 51 people
November 1, 2019

If you try to update to CF2018 update 5 (or later) or CF2016 update 12 (or later) using the CF Admin update process, you may find that you get the following error during the update process:

“Failed Signature Verification”

This happens if you try to go to those updates but have not installed the June 2019 updates, either CF2018 update 4 or CF2016 update 11.  The simplest solution is to run either of those updates first. Then try the later update. For more, including why and another option, read on.

How this is new, and why it happens

This is a new problem since those specific updates. We have never had to run one update before running another. It IS indicated in the blog posts and technotes from Adobe about the updates, but folks often don’t notice or read those.

What happened is that Adobe implemented an update to the verification process, which happens at the end of the process of downloading the update, when running the update in the CF Admin. After the file is downloaded, it is then “verified” using a client/server certification process. Because it was updated as of those June 2019 updates, that’s why you need those updates in place before the verification will work for later updates.

Some may recall that this is very similar to what happened back when CF10 was first released. Just weeks after it came out, the Adobe server certificate used for this verification process was breached, and we were told back then to run a “mandatory update”, which was a jar file. You needed to download and run that from the command-line, which was a bit much for most folks.

At least with this new update, it simply involves getting the June 2019 update (for either CF 2016 or 2018) in place.

How else can you avoid this, without running multiple updates?

You may have caught that I did say specifically above that this happens if you run the CF updates from within the CF Admin.

If instead you run the update from the command line, then you do NOT need to do the June update first. You can go right to the Sept 2019 update (CF2016 update 12 or CF2018 update 5), or later (if you are reading this when they have been surpassed with new updates. Other than this one bump in the road, CF updates are always cumulative and you need only do the latest, not ones you’d skipped).

If you wonder why you can avoid the problem when doing a manual update (versus using the admin), it’s because instead YOU will be the one who finds and downloads the update (as a jar, using a link such as is offered in the technote for each update, in its subsection “Installing the update manually”). And your download will not do any such “signature verification”.

As for doing the update manually, again that’s discussed in each technote. You can also find more about it in a blog post I did…

Solving others update problems.

Indeed, if you have any problems running CF updates, you may find that I have the answer you need in the blog post, which is here:

https://coldfusion.adobe.com/2019/03/problems-applying-cf-update-check-first/


For more blog content from Charlie Arehart, see his posts here as well as his posts at carehart.org. And follow him on Twitter and other social media as carehart.

Comments (0)
Add your comment