Kepware Knowledge Base: Solution
How Do I Ensure a Patch Download Is Valid?
Last Update: 11/12/2018
Problem:
Software vendors can use code
signing to add a digital signature to executables at the time of creation. This
digital signature allows users to verify the author's identity and ensure that
the application's integrity has not been compromised. Unfortunately, code
signing is not foolproof. Current operating systems may warn or prevent
execution if an application's signature has become untrusted, but not if the
executable has been competently stripped of its signature. To increase security,
a checksum can be calculated, including the digital signature, to ensure the integrity of a file even after it has
been transmitted or downloaded.
Solution:
- Only download executables from the software author's website, FTP site, or other trusted sources (Tech Support).
- Once downloaded, verify the signer's name that appears in the Digital Signature tab of the file's properties.
- Verify the executable has not been tampered with by ensuring the checksum of the file matches that published by the vendor.
Follow the instructions below to
verify Kepware checksums.
1.
Open a command prompt.
2.
Run
the following command: certutil -hashfile <path/to/file> SHA256.
3.
Compare
the resulting hash to the checksum for the software and version
below.
- KEPServerEX Patch 6.3.279.14: 62 0a 69 5c b6 74 3e ef 47 66 9a 87 27 aa 50 4c 31 83 b2 0d 69 8a b6 a5 20 ed 10 01 c1 4b eb 63
Note: If a checksum or version is not listed above, log in
to the My
Kepware customer self-service portal to
submit a support ticket.
©
2019
PTC Inc. All Rights Reserved.