Normal upgrading of Juniper switches could follow the following steps:
request system software add http://path/image
request system reboot
I have encountered the following error twice when tried to upgrading software for those newly installed switches:
Ex4550> request system software add http://path/image
Checking pending install on fpc1
Checking pending install on fpc0
Pushing bundle to fpc1
Validating on fpc1
Validating on fpc0
Done with validate of </var/tmp/mchassis-4500-install.tgz> on VC members
Verify the signature of the new package
verify-sig: cannot validate certs.pem
certificate is not yet valid: /C=US/ST=CA/L=Sunnyvale/O=Juniper Networks/OU=Juniper CA/CN=PackageProductionRSA_2016/emailAddressfirstname.lastname@example.org
ERROR: Package signature validation failed. Aborting install.
The problem is that the date of the switch is set to a date earlier than the date on which the jloader was built, therefore the certificate for the file is not yet valid. The solution is to either synchronize the date on the switch to a NTP server or to manually set the date.
After configured NTP server, the software image was verified successfully, can upgrading done as always should be.
This problem and solution can be found from the following link