Fix MID Server file signature verification failures during upgradeIssue <!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: block; max-width: ; width: auto; height: auto; } } When upgrading your MID Server, the system runs pre-upgrade checks to ensure everything works correctly. One check verifies that the preUpgradeCheck.zip file has a valid digital signature. If this check fails, you'll see a "Signature Verification Failed" error. You might see these common error messages: AutoUpgrade.3600.now SEVERE *** ERROR *** Aborting MID Server upgrade due to pre-upgrade check failure: Signature verification failed: Entry doesn't have valid signer MID Server upgrade error: Signature Verification Failed The system might display these less common errors: Entry is not in manifestEntry is not signedEntry doesn't have valid signerSigner is not entitled for code signingSigner is not trusted by CASigner doesn't have timestampTimestamp certificate is expiredTimestamp certificate is not trusted by CASigner certificate is not valid at the time of signingSigner organization is not O=ServiceNow Inc.Verification policy is missingFailed to load cacerts key storeFailed to find trust anchors from key storeFile has been tamperedError while reading data Release<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: block; max-width: ; width: auto; height: auto; } } Any supported release Cause<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: block; max-width: ; width: auto; height: auto; } } The MID Server uses digital certificates to verify file signatures. These certificates are stored in a file called cacerts, located at MIDPath\agent\jre\lib\security\cacerts When you first install the MID Server, this file contains all the necessary certificates. However, problems occur when: Someone updates the certificates in the cacerts fileSomeone replaces the entire cacerts file These changes can break the signature verification process. Important: Signature verification errors don't prevent your MID Server from connecting to your ServiceNow instance after the upgrade. However, the MID Server needs valid certificates to confirm that files haven't been altered. Resolution<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: block; max-width: ; width: auto; height: auto; } } Before you start, read the ServiceNow documentation about MID Servers and Certificates. Choose one of these three solutions: Solution 1: Restore the original cacerts file This solution replaces your modified cacerts file with a working one. Back up your current file: Go to the MID Server that has the issue. Find the file at MIDPath\agent\jre\lib\security\cacertsCreate a backup copy. Get a working cacerts file: Go to a working MID Server.Copy the cacerts file from MIDPath\agent\jre\lib\security\cacerts Replace the nonworking cacerts file with the working one.Import custom certificates: If you had custom certificates in your backed-up file, import them into the new cacerts file.Add any SSL certificates your MID Server needs. Restart the MID Server. Solution 2: Turn off signature verification temporarily This solution disables signature checking during the upgrade. Set the MID Server property, mid.security.signature.verification, to false.Restart the MID Server.Complete the upgrade.Re-enable signature verification by changing the property back to true. Solution 3: Skip pre-upgrade checks This solution bypasses all pre-upgrade checks. Set the MID Server parameter. mid.upgrade.run_precheck, to falseRestart the MID ServerComplete the upgradeRe-enable pre-upgrade checks, by changing the parameter back to true. Related Links<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: block; max-width: ; width: auto; height: auto; } } Add SSL certificates for the MID Server