Pega Platform hotfix files are digitally signed so that they can be verified and authenticated. Depending on your environment, hotfix files are either verified automatically during installation, or you can manually verify them.

• Automatically verifying hotfix files during installation

  For Pega Platform version 8.5 or later, Pega Platform automatically validates the hotfix file's digital certificate with the provider during installation. This ensures that the signature on the certificate is valid and that the certificate has not been revoked.

• Manually verifying hotfix files by using third-party tools

  For versions of Pega Platform earlier than 8.5, verify the hotfix files manually by using third-party tools such as OpenSSL.

• Disabling hotfix certificate revocation checks

  If your instance of Pega Platform version 8.5 or later does not allow outbound URL connections, and you cannot supply a certificate revocation list (CRL) to Pega Platform, you can disable the revocation check on the hotfix certificate.

• Verifying hotfix authenticity by using a Pega Keystore

  Configure a Pega Keystore to serve as an alternative if your application server does not use your operating system's truststore and if the truststore that you pass into your JDK does not include the correct certificate.