APM Insight Java agent - Checksum Validation


You can verify the authenticity of the downloaded APM Insight agent with SHA256 checksum validation. This ensures that the downloaded agent is credible and is not tampered with by any malicious code or software.

To verify the authenticity of the agent, follow the steps given below:

  1. Download the checksum file here.
  2. Follow the steps below to validate the checksum value:
    • For Linux systems, execute the following command:

      sha256sum apminsight-javaagent.zip

    • For Windows, you can use either of the following commands:
      • Open Command Prompt and execute the following command:

        certutil -hashfile apminsight-javaagent.zip SHA256

      • Open Windows Powershell and execute the following command:

        Get-FileHash apminsight-javaagent.zip -Algorithm SHA256

  3. After executing the commands, you will obtain a checksum value. Check that value with the one downloaded from the checksum file.

Sample Output:

Note: If the checksum values differ, do not unzip or open the file.

Signed JAR verification

All agent jar files (apminsight-javaagent.jar and apminsight-javaagent-api.jar) are signed with a Zoho Corp. certificate.

To verify the signature, execute this command:

jarsigner -verify -verbose apminsight-javaagent.jar

You can find the file is signed by "ZOHO Corporation Private Limited" at the end of the output.