top of page

Hash verification and comparison

When you download a large file such as Cisco Identity Services Engine Software (Cisco ISE) in the form of an ISO or OVA you should validate it to make sure that the file has downloaded properly.

In the past, there have been several ways to verify the authenticity of a file.

At the crudest level, you can check the file size or you might check the date the file was created. You could also count the number of files in an ISO or other archive or if you are really keen you could check the size, date, and contents of every file within an archive.

The above suggestions range from ineffective to complete overkill.

One method that has been used for a number of years is for the developers of software and Linux distributions to provide an ISO which they send through an encryption method called MD5. This provides a unique checksum.

The idea is that as a user you can download the ISO and then run a tool which creates an MD5 checksum against that file. The checksum that is returned should match the one located on the website of the software developer. (EXACT MATCH!)

You cannot imagine how often this problem arises in ISE-Deployments. So, always verify the checksum values of any Cisco ISE download , patch files, and upgrade bundles.

It’s very simple to do and can actually rescue you from a corrupted/failed installation,which will cost you a lot of time.

You won’t believe how many customers call me asking why an upgrade failed and now the node won’t boot only to find out the checksum value of the upgrade bundle didn’t match what is shown on the Cisco download page. Something manupulated the file in the transit between source and destination ,so the installation was corrupted.

First of all, you have to find out what the value (should be) from the Cisco download page. Hover over the download link and a small window will then pop up. This window will contain information about that particular download. The information includes the MD5 and SHA512 checksum value of that file.

Here I will guide you how to get the hash in different operation systems:


Linux users can use the md5sum CLI command. Run “md5sum <path/filename>” to find the MD5 value.

$ md5sum ise215261_DefenceCentre11.ova

3b85ec9ab2984b91070128be6aae25eb ise215261_DefenceCentre11.ova

No matter what method you use to verify the checksum value, only use the file if there is an exact match (Tab key will always help for long file names! :)

Check your proxy server and delete the file and try the download again if the values do not match.

Mac OS X

OS X users can simply use the md5 CLI command. Run “md5 <path/file name>” and the MD5 checksum will be calculated.

MD5(mike_AprilPatch33.iso)= 20665acd5f53a8e22275c78e1490dcc7


Use certutil CLI command in Windows in order to get the hash like this :

Run *CMD (Command Prompt of Windows) and type the following command:

“certutil -hashfile <path\filename> MD5”

to find the MD5 value.

There are also several free downloads (IgorWare Hasher)

Download link :

that will allow you to calculate the value as well as compare it to the expected value.

Legal disclaimer:

All product names, logos, and brands are property of their respective owners in the Austria or other countries.

All company, product and service names used on this website are for identification purposes only. Pheniix is notaffiliated with or an official partner of Cisco, CompTIA,Dimension Data, VMware, Amazon, Microsoft, Certified Ethical Hacker, (ISC)², Juniper, Wireshark, Offensive Security,Google, GNS3, F5, Python, Linux, Java, Openstack, Vagrant, Ansible, Docker, GIT, , Blockchain or other companies.

Use of these names, logos, and brands does not imply endorsement.

The opinions expressed on pheniix are personal perspectives and not those of Cisco , Dimension Data or any other comany. Pheniix runs as an independent blog.

bottom of page