Hi All,
I have a quick question regarding the security of the updates/patches that update manager uses.
Do you know if these updates are signed by VMware and then checked before they are deployed? If so, is there an article or document that states this for record purposes?
Hey bradhoff,
Here is a link that states that VMware signs their products: Configuring the Update Manager Download Sources .
"Patches are cryptographically signed with the VMware private keys. Before you try to install a patch on a host, the host verifies the signature. This signature enforces the end-to-end protection of the patch itself, and can also address any concerns about patch download"
And also with the files you download from My VMware you have the MD5, SHA1 and SHA256 checksum in case you want to verify its validity.
Moderator: Thread moved to the Update Manager area.
Hey bradhoff,
Here is a link that states that VMware signs their products: Configuring the Update Manager Download Sources .
"Patches are cryptographically signed with the VMware private keys. Before you try to install a patch on a host, the host verifies the signature. This signature enforces the end-to-end protection of the patch itself, and can also address any concerns about patch download"
And also with the files you download from My VMware you have the MD5, SHA1 and SHA256 checksum in case you want to verify its validity.
Thanks, Lalegre.