I have successfully signed the OVF package with ovftool 4.2. The certificate was signed by a Root CA.
Now the problem is that vSphere Web Client runs into the following error during Deploy OVF Template.
Any help is greatly appreciated.
Ahh Okay! There were a few similar issues reported with an Avaya appliance that was supposedly fixed in version 6.5. You may want to upgrade to 6.5 and give it a shot. However since it is working with the thick client, I don't think this is a show stopper
Please consider marking this answer as "correct" or "helpful" if you think your questions have been answered.
Cheers,
Supreet
Can you check and share the below details?
1) What is that you are trying to deploy?
2) What is the version of the ESXi host? If it is above 6.5 U1, try to deploy the OVF using the host client. If it is below 6.5 U1, try using the good old fat client.
3) If nothing works, you can use the OVF tool to deploy it from the command line. Detailed steps listed in the below blog -
https://cstan.io/?p=8972&lang=en
Please consider marking this answer as "correct" or "helpful" if you think your questions have been answered.
Cheers,
Supreet
1) I try to deploy a signed OVF that is created with ovftool on Ubuntu as follows:
administrator@csm-sj-alpha:~/ova/ubuntu/tmp$ ovftool --privateKey=csm-sj-alpha.cisco.com-26121.pem Ubuntu1642_CSM351.ovf signed-csm351.ovf
Opening OVF source: Ubuntu1642_CSM351.ovf
The manifest validates
Opening OVF target: signed-csm351.ovf
Writing OVF package: signed-csm351.ovf
Transfer Completed
Completed successfully
administrator@csm-sj-alpha:~/ova/ubuntu/tmp$ ls -tl
total 7098420
-rw-r--r-- 1 administrator administrator 3429 Jul 28 16:59 signed-csm351.cert
-rw-r--r-- 1 administrator administrator 191 Jul 28 16:59 signed-csm351.mf
-rw-r--r-- 1 administrator administrator 3634351104 Jul 28 16:59 signed-csm351-disk1.vmdk
-rw-r--r-- 1 administrator administrator 9363 Jul 28 16:59 signed-csm351.ovf
where csm-sj-alpha.cisco.com-26121.pem is a concatenation of private key, Certificate, Issing CA and Root CA.
2) Both ESXi and vCenter Server Appliance/vSphere Web Client are 5.5
3) There is no error to deploy the signed OVF without vSphere Web Client. Only with vSphere Web Client the error occurs.
Is there any installation / configuration of the certificate on vCenter Server Appliance or vSphere Web Client?
If needed I can send you the pem file that is used to sign the OVF by ovftool in a private email.
I really appreciate it!
Ahh Okay! There were a few similar issues reported with an Avaya appliance that was supposedly fixed in version 6.5. You may want to upgrade to 6.5 and give it a shot. However since it is working with the thick client, I don't think this is a show stopper
Please consider marking this answer as "correct" or "helpful" if you think your questions have been answered.
Cheers,
Supreet
look:
the ovf package is signed with an invalid certificate
Let us know if you fix your problem
where csm-sj-alpha.cisco.com-26121.pem is a concatenation of private key, Certificate, Issing CA and Root CA.
Pem files should not have the private key.......
It should be certificate, issuing CA and root CA only
Thanks,
MS
Hi Supreet,
Yes, I was able to deploy the signed ovf with vSphere Web Client version 6.5. The same signed ovf doesn't work with version 5.5.
I really appreciate your help!
-James
Hi Diego,
Thank you for sharing the link! It does help to solve the problem.
There were two issues: (1) the signed ovf is not recognized by version 5.5 (2) the signed ova deployment in version 6.5 had an error.
Following the reply by Adolph1991, I was able to deploy the VM by selecting 3 files (.mf/.ovf/.vmdk), while the ovf is signed.
Best,
-James
Hi MS,
Thank you for replying!
Normally the pem file does not include the private key. In the case as an input to ovftool, a pem with private key was required.
Best,
-James