topic Re: New-ContentLibraryItem OVA import fails with "certificate is not trusted" in VMware PowerCLI Discussions

New-ContentLibraryItem OVA import fails with "certificate is not trusted"

andreir — Thu, 21 May 2020 18:31:52 GMT

Hi all,

using VMware.PowerCLI Core 12.0.0.15947286 on Linux VM. Trying to import an item into vCenter content librarywhich fails with "The certificate is self-signed. The certificate is not trusted..". The certificate check is set to "Ignore" in PowerCLI configuration.

I don't see any options in New-ContentLibraryItem cmdlet to allow untrusted cert. How can I get the OVA imported when vCenter cert is self-signed? Thanks!

PS /home/user> $localContentLibrary = Get-ContentLibrary -Name 'Local library'

PS /home/user> New-ContentLibraryItem -ContentLibrary $localContentLibrary -Name 'nsx-unified-appliance-2.5.1.0.0.15314292' -Files "./tmp/nsx-unified-appliance-2.5.1.0.0.15314292.ova"

An error occurred while trying to update content library item's files. For more details check the inner exception.

vCenter error:

The import of library item 48d9ec5f-5fae-4905-adb1-2bbfa2d5aee1 has failed. Reason: The certificate is self-signed. The certificate is not trusted..

PS /home/user/tmp> Get-PowerCLIConfiguration | select InvalidCertificateAction

InvalidCertificateAction

------------------------

Ignore

Re: New-ContentLibraryItem OVA import fails with "certificate is not trusted"

LucD — Thu, 21 May 2020 18:53:19 GMT

Are you sure this is caused by the vCenter certificate and not the certificate included In the OVF?

Can you import the same via the Web CLient without issue?

Re: New-ContentLibraryItem OVA import fails with "certificate is not trusted"

andreir — Thu, 21 May 2020 19:08:54 GMT

Hi Luc,

just tried it with the Web Client and it looks like you're right - the problem is with the self-signed certificate bundled with the OVA. This is an official NSX-T OVA that I downloaded from VMware. If I click "Proceed Anyway" then it's imported successfully.

It looks like there is no functionality to ignore OVA certificate with "New-ContentLibraryItem"? Perhaps this can be added in the future?

Thank you!

Re: New-ContentLibraryItem OVA import fails with "certificate is not trusted"

LucD — Thu, 21 May 2020 19:14:46 GMT

I would suggest to open an SR for this.
I agree that an official OVA should not contain self-signed certificates.

And yes, the option to bypass the certificate check is missing on the cmdlet.

I would suggest to launch an idea for this at VMware PowerCLI

In parallel inform your TSA

Re: New-ContentLibraryItem OVA import fails with "certificate is not trusted"

andreir — Thu, 21 May 2020 22:55:50 GMT

Just in case someone else hits this - until the cmdlet option is added, a solution is to unzip the ova, remove the .cert file, and import it as ovf.