Verifying the download package

MD5 files can be used verify the integrity of packages that are downloaded from HCL. HCL provides MD5 values for all recent HCL Commerce eAssemblies and Update Packages.

Before you begin

To generate a hash signature, you must identify and obtain an MD5 hash utility. Most UNIX and Linux operating systems include utilities to generate an MD5 hash. Microsoft Windows does not include an MD5 utility, but many third-party options are available.

About this task

The following steps provide high-level instructions to verify the download package:


  1. Use your MD5 hash utility to generate a hash signature of your copy of the package.
  2. Compare the generated signature hash with the HCL MD5 value. Ensure that the values are identical.
    To confirm MD5 values, you can obtain a copy from HCL in one of two ways:
    1. Viewing the file properties on the HCL License and Delivery portal. You can view the file MD5 value by clicking on the + icon in the + column, to the left of the file description.
    2. Viewing a copy of its MD5 value on the HCL Commerce eAssemblies documentation page.


If the values are identical, then proceed to install or use the package. If the values are not identical, then the package might be corrupted. Try to download the package from the trusted HCL source and verify the values. If the values do not match, then contact HCL Support.