signature verification failed with all loaded keys
Symptom
The device downloads the artifact and the agent log shows:
signature verification failed with all loaded keysThe update aborts. The console shows the deployment stuck in pending or failed.
Cause
The artifact was signed with a private key whose corresponding public key is not registered as an active signing key in the organization, or the signing key was rotated after the artifact was uploaded. The server-side check (signature_checker.py) tries every active key for the organization and raises HTTP 422 if none match.
Fix
Confirm which keys are active in the console under Settings → Signing Keys. Download the active public key and verify its fingerprint matches what was used to sign the artifact:
# On the build host, check which key signed the artifactopenssl dgst -sha256 -verify active-key.pub -signature artifact.sig firmware.mender
# List active keys via the APIcurl -s http://localhost:8000/api/signing-keys \ -H "Authorization: Bearer $TOKEN" | jq '.[].fingerprint'Re-sign the artifact with the correct active private key and re-upload, or register the matching public key as a new active signing key under the organization.