Docs Menu

Docs HomeMongoDB Ops Manager

Verify Integrity of Ops Manager Packages

On this page

  • Verify a deb Package
  • Verify an rpm Package
  • Verify a tar.gz Archive

Starting in Ops Manager 4.4.14, the MongoDB release team digitally signs Ops Manager packages to certify that they are valid and unaltered MongoDB releases. Before installing Ops Manager, validate the package using the provided PGP signature.

PGP signatures provide the strongest guarantees by checking both the authenticity and integrity of a file to prevent tampering.

1
  1. Open your preferred browser to visit the MongoDB Download Center on MongoDB.com.

    If you start from MongoDB.com, click Products Ops Manager Try it now.

  2. From the Platforms drop-down menu, click Ubuntu 18.04.

  3. From the Packages drop-down menu, click DEB for x86_64 architecture.

  4. Click Download.

    The downloaded package is named mongodb-mms-<version>.x86_64.deb, where <version> is the version number.

2
curl -O https://pgp.mongodb.com/opsmanager-<version>.asc
3

In the following command, replace <version> with the version of the Ops Manager package.

curl -O https://downloads.mongodb.com/on-prem-mms/deb/mongodb-mms-<version>_x86_64.deb.sig
4
gpg --import opsmanager-<version>.asc
5

In the following command, replace <version> with the version of the Ops Manager package.

gpg --verify mongodb-mms-<version>_x86_64.deb.sig \
mongodb-mms-<version>_x86_64.deb

When the package is successfully verified, you receive a response like the following:

gpg: Signature made Wed Jun 23 15:44:30 2021 UTC
gpg: using RSA key 056AB6A90E47FE40
gpg: Good signature from "Ops Manager <version> Release Signing Key <packaging@mongodb.com>" [unknown]

If the package is properly signed, but you don't currently trust the signing key in your local trustdb, gpg also returns the following message:

gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: D657 EF0E F51C 41B7 AE11 1CAF 056A B6A9 0E47 FE40
1
  1. Open your preferred browser to visit the MongoDB Download Center on MongoDB.com.

    If you start from MongoDB.com, click Products Ops Manager Try it now.

  2. From the Platforms dropdown menu, click one of the following options:

    • Red Hat + CentOS 7, 8 / SUSE 12 + 15 / Amazon Linux 2

  3. From the Packages dropdown menu, click RPM.

  4. Click Download.

    The downloaded package is named mongodb-mms-<version>.x86_64.rpm, where <version> is the version number.

2
curl -O https://pgp.mongodb.com/opsmanager-<version>.asc
3
sudo rpm --import opsmanager-<version>.asc
4

In the following command, replace:

  • <version> with the version of the Ops Manager package.

  • <architecture> with the CPU architecture for the package. This value must be x86_64.

sudo rpm -K mongodb-mms-<version>.<architecture>.rpm

When the package is successfully verified, you receive a response like the following:

mongodb-mms-<version.arch>.rpm: rsa sha1 (md5) pgp md5 OK
1
  1. Open your preferred browser to visit the MongoDB Download Center on MongoDB.com.

    If you start from MongoDB.com, click Products Ops Manager Try it now.

  2. From the Version dropdown menu, click one of the provided stable versions.

  3. From the Platform dropdown menu, click one of the following options:

    • Red Hat + CentOS 7, 8 / SUSE 12 + 15 / Amazon Linux 2

    • Debian 9, 10, 11 / Ubuntu 18.04

  4. From the Package dropdown menu, click tar.gz.

  5. Click Download.

    The downloaded package is named mongodb-mms-<version>.x86_64.tar.gz, where <version> is the version number.

2
curl -O https://pgp.mongodb.com/opsmanager-<version>.asc
3

In the following command, replace:

  • <version> with the version of the Ops Manager package.

  • <architecture> with the CPU architecture for the package. This value must be x86_64.

curl -O https://downloads.mongodb.com/on-prem-mms/tar/mongodb-mms-<version>.<architecture>.tar.gz.sig
4
gpg --import opsmanager-<version>.asc
5

In the following command, replace:

  • <version> with the version of the Ops Manager package.

  • <architecture> with the CPU architecture for the package. This value must be x86_64.

gpg --verify mongodb-mms-<version>.<architecture>.tar.gz.sig \
mongodb-mms-<version>.<architecture>.tar.gz

When the package is successfully verified, you receive a response like the following:

gpg: Signature made Wed Jun 23 15:44:30 2021 UTC
gpg: using RSA key 056AB6A90E47FE40
gpg: Good signature from "Ops Manager <version> Release Signing Key <packaging@mongodb.com>" [unknown]

If the package is properly signed, but you don't currently trust the signing key in your local trustdb, gpg also returns the following message:

gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: D657 EF0E F51C 41B7 AE11 1CAF 056A B6A9 0E47 FE40
←  Upgrade Ops ManagerCreate or Import a MongoDB Deployment →