PHP agent checksum validation
You can verify the authenticity of the downloaded Site24x7 agent with SHA256 checksum validation. This ensures that the downloaded agent is credible and is not tampered with by any malicious code or software.
To verify the authenticity of the agent:
- Download the checksum file from the relevant link.
For agent versions above 4.0:
- Linux glibc 386
- Linux glibc amd64
- Linux glibc arm
- Linux glibc arm64
- Linux musl 386
- Linux musl amd64
- Windows
- Compare the checksum value provided in the downloaded file with the downloaded agent. Follow the steps below in order to validate the checksum value.
- For Linux systems, execute the following command:
sha256sum agent_php.zipIf you have installed APM Insight PHP agent via the recommended method, you can obtain the corresponding checksum value, from the terminal where the script has been executed.
- For Windows, you can use either of the following commands.
- Open Command Prompt and execute the following command:
certutil -hashfile agent_php.msi SHA256
- Open Windows Powershell and execute the given command:
Get-FileHash agent_php.msi -Algorithm SHA256
- Open Command Prompt and execute the following command:
- For Linux systems, execute the following command:
- After executing the commands, you will obtain a checksum value; check that value with the one downloaded from the checksum file.
Sample Output
Agent Signature Verfication:
All the agent files are signed with a Zoho Corp. signature.
To verify, follow the steps below:
Downloading the PGP key for the signature file verification is important. Without the PGP key, the verification may not be successful.
- Download the Site24x7 PHP agent public key (.pub file). It should be similar to the following output. The key can also be downloaded from here.
- Import the public key to your trusted keystore (use .pub or .asc to save the aforementioned key).
"gpg --import site24x7apmphp.pub" or "gpg --import site24x7apmphp.asc"
- Download the signature file(agent_php.zip.sig) and verify the downloaded zip with it's signature.
"gpg --verify agent_php.zip.sig agent_php.zip"