You can manage the software images, hotfixes, and boot locations on the BIG-IP® system using the Configuration utility. You can also enable the automatic software update feature.
For each full release ISO, vADC OVA, and hotfix ISO, a corresponding signature file will be available with the .sig extension. The signature file is handled exactly like an ISO. When the ccmode feature is turned on, the installation process requires you to download the ISO file, as well as the iso.sig.
The signature file is located in iso-name.384.sig, and uses the 307 key/384 hash signature. If an older key (2048 key/256 has signature) is also found, the system will attempt to validate the signature created by the larger key size (the 307 key/384 hash signature).
When you run the ccmode script to put the sensor into a Common Criteria configuration, a db variable called liveinstall.checksig is automatically enabled. This feature compares the ISO file against a sys software signature file, which is meant to catch integrity issues with the product.
Signature validation is the first step performed during the liveinstall process, so if the corresponding signature file for the selected software is not in the library, the installation will not begin.
In the event of liveinstall failure, two error messages can occur: