Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3158
Views
5
Helpful
3
Replies

cat4500x RSA signature verification failure

Go to solution
tsgruu2000
Level 1
Level 1

‎05-25-2014 10:19 PM - edited ‎03-07-2019 07:32 PM

I try to install the k9 image to a Cat4500x without success. The image has been uploaded using tftp, boot variable set to the new image and config register set to 0x2102. The device hangs in rommon with the following message:

rommon 3 >boot bootflash:cat4500e-universalk9.SPA.03.05.02.E.152-1.E2.bin
Loading image !!!!!!!!!!!!!!!!!!!!!!

 Checking digital signature....

 Verification FAILED for bootflash:/cat4500e-universalk9.SPA.03.05.02.E.152-1.E2.bin, REASON: RSA signature verification failure


Even after uploading the binary again and check md5 checksum I got the same error message.
Could someone give me a hint what I am doing wrong? Is there another procedure to convert the switch from universal to universalk9?

 

Many Thank!
Kind Regards,
Urs
 

 

5 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
arevak
Level 1
Level 1
In response to ibrcan-t-systems

‎03-08-2017 12:53 PM

I just had this same problem yesterday. I learned something new while trying to upgrade to a newer IOS. Make sure you run verify /MD5 on the file after you upload it to the switch. I have always been bad about this and now I see why it's a good practice. I downloaded the file again, deleted the old file off the switch, uploaded the new one, verified MD5, changed the config again and redundancy reloaded the standby supervisor. It's currently rebooting after a successful upgrade.

Probably an issue with your file.

View solution in original post

3 Replies 3

Go to solution
ibrcan-t-systems
Level 1
Level 1

‎09-23-2014 02:46 AM

Hi there I have a similar problem trying to get the cat4500es8-universalk9.SPA.03.06.00.E.152-2.E.bin working.

Here's the output:

 Current BOOT file is --- bootflash:cat4500es8-universalk9.SPA.03.06.00.E.152-2.E.bin

Loading image !!!!!!!!!!!!!!!!!!!!!!

 

 Checking digital signature....

 [mem:/cat4500es8-firmware]

 Digitally Signed Release Software with key version A

 

 

Rommon reg: 0x00084F80

Reset2Reg: 0x0C200000

########

 Conan controller 0x36A00518..0x36C97331 Size: 0x00CAC5EC @

####

 Radtrooper controller 0x3686497C..0x36A00516 Size: 0x00661EDC @

 Link: 0x00000080-0x16000000

 Program Done!

 

 Checking digital signature....

 

 Verification FAILED for mem:/cat4500es8-base, REASON: RSA signature verification failure

 

I have also a SUP8-E where the Software is working fine. I checked there the running config for rsa and it shows me this:


Switch#show run | incl rsa
boot system flash bootflash:cat4500es8-universalk9.SPA.03.06.00.E.152-2.E.bin
boot system flash bootflash:cat4500es8-universalk9.SPA.03.03.00.XO.151-1.XO.bin
 rsakeypair CISCO_IDEVID_SUDI

On the SUp8 which is not working it shows no rsa key?!?

Does anybody have an idea?

Thanks in advance

0 Helpful

Go to solution
arevak
Level 1
Level 1
In response to ibrcan-t-systems

‎03-08-2017 12:53 PM

I just had this same problem yesterday. I learned something new while trying to upgrade to a newer IOS. Make sure you run verify /MD5 on the file after you upload it to the switch. I have always been bad about this and now I see why it's a good practice. I downloaded the file again, deleted the old file off the switch, uploaded the new one, verified MD5, changed the config again and redundancy reloaded the standby supervisor. It's currently rebooting after a successful upgrade.

Probably an issue with your file.

Go to solution
Kevin SAS
Level 1
Level 1

‎03-25-2015 03:41 AM

Exactly the same problem for me with the cat4500e-universal.SPA.03.07.00.E.152-3.E image.

I tried the older version cat4500e-universalk9.SPA.03.06.01.E.152-2.E1 and now it works.

Maybe it was writed on the release note.

thanks ibrcan-t-systems !

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card