Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[JSA] AutoUpdate not successful due to missing Juniper Public Key (AU Keys)

1

0

Article ID: KB35402 KB Last Updated: 04 Jan 2020Version: 1.0
Summary:

How to resolve AutoUpdate issues due to missing Juniper Public Key.

Symptoms:

By default, on the JSA Console (7.3 releases) there are two gpg keys present which we can validate with the following command:

gpg --list-keys

Output:

/root/.gnupg/pubring.gpg
------------------------
pub   1024D/69865E78 2009-04-21
uid                  Autoupdate Generation (AUGen)
sub   2048g/4D4080FD 2009-04-21
 
pub   1024D/E6FF3F75 2011-06-20
uid                  Juniper Networks STRM (STRM Auto-Update) <security@juniper.net>
sub   2048g/02328E16 2011-06-20

Note: Key numbers are Highlighted in the output above.

If any or both the Key(s) are missing, then the AutoUpdate may show the following error message:

[ERROR] Could not verify the authenticity of /store/autoupdates/patches/patches.manifest.xml.
Solution:
  1. If any or both of them are missing, then download the relevant key from the following link:

    JSA_AU_Keys  (A zip file:JSA_AU_Keys.zip will be downloaded which contains:JSA-AU_E6FF3F75.key & JSA-AU_69865E78.key)

  2. Transfer the JSA-AU>##.key file to your JSA Console server.

  3. Go to the specific directory where we have transferred the file and run the import commands as per your requirement (after validating which key is missing)

    gpg --import JSA-AU_E6FF3F75.key 
    gpg --import JSA-AU_69865E78.key 
  4. Post which validates the public key list:

    gpg --list-keys
    /root/.gnupg/pubring.gpg
    ------------------------
    pub   1024D/E6FF3F75 2011-06-20
    uid                  Juniper Networks STRM (STRM Auto-Update) <security@juniper.net>
    sub   2048g/02328E16 2011-06-20
    
    pub   1024D/69865E78 2009-04-21
    uid                  Autoupdate Generation (AUGen)
    sub   2048g/4D4080FD 2009-04-21
  5. Now we can again trigger the AutoUpdate job from the GUI.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search