Re: The VIB acceptance level (certified) doesn't m...

STECInc · ‎01-14-2014

Hi,

I am trying to sign the VIB pakage.

On Execution of the vibuthor following command I am keep getting an error :- "The VIB acceptance level (certified) doesn't match the signing certificate"

workbench:/opt/vmware # ./vibtools-5.5.0-1331820/bin/vibauthor --sign -v /tmp/kronos_drivers_signed/192/scsi-stec-s1120-2.2.1.0192-1OEM.500.0.0.472560.x86_64.vib --key ~/.ssh/id_rsa --cert /tmp/e/server.crt

The VIB acceptance level (certified) doesn't match the signing certificate

workbench:/opt/vmware #

Can someone help me to figure out what I am doing wrong ?

Thanks,

Royy

SatyS · ‎01-15-2014

Hi

Just check the acceptance level of your vib.

If it is a custom vib,the acceptance level should be VMWare accepted or above.

-SatyS

If you find this useful,please mark the answer as correct/helpful

Regards,
SatyS
http://myvirtuallearning.wordpress.com/

STECInc · ‎01-15-2014

Hi,

Thanks for the reply.

I checked the acceptance level in descriptor.xml file it has :- <acceptance-level>certified</acceptance-level>

It is custom vib with acceptance level is Vmware Certified.

Is there something else I am missing ?

Thanks,

Royy

SatyS · ‎01-15-2014

Vibs with VMware Certified,VMwareAccepted and PartnerSupported levels must be signed with aprivate key, and the certificate corresponding to that private key must be included in the signature data. VIBs

with acceptance levels that require signing must have a valid signature in addition to being signed by a trusted authority.

Just have a look at this

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CD8QFjAA&url=http%3A%2F...

Hope it helps.

-SatyS

If you find this useful,please mark the answer as correct/helpful

Regards,
SatyS
http://myvirtuallearning.wordpress.com/

STECInc · ‎01-17-2014

Hi,

Thanks for the link.I followed the link ad read the document.

The documents says that I should use my private key to create a certificate. I did follow the following link to create the certificate from private key (http://stackoverflow.com/questions/15571815/how-to-generate-a-private-key-certificate-using-keytool?...).

But Looks like error still exists :-

workbench:~/x509cert #

workbench:~/x509cert # vibauthor --sign -v /root/iovp55/work/kronos_drivers_signed/192/scsi-stec-s1120-2.2.1.0192-1OEM.500.0.0.472560.x86_64.vib --key ~/.ssh/id_rsa --cert ./id_rsa.crt

ck : tmpvibName /root/iovp55/work/kronos_drivers_signed/192/scsi-stec-s1120-2.2.1.0192-1OEM.500.0.0.472560.x86_64.vib.signed

The VIB acceptance level (certified) doesn't match the signing certificate

workbench:~/x509cert #

My vib is not signed and it does have Acceptance level set to Certified :-

**** Info for VIB: 192/scsi-stec-s1120-2.2.1.0192-1OEM.500.0.0.472560.x86_64.vib ****

VIB Format: 2.0.0

VIB ID: Stec_bootbank_scsi-stec-s1120_2.2.1.0192-1OEM.500.0.0.472560

VIB Type: bootbank

Name: scsi-stec-s1120

Version: 2.2.1.0192-1OEM.500.0.0.472560

Vendor: Stec

Summary: stec_s1120: scsi driver for VMware ESX

Description: STEC S1120 PCIe/SCSI ESX Driver

Creation Date: 2013-11-28 12:16:26.123766+00:00

Provides:

scsi-stec-s1120 = 2.2.1.0192-1OEM.500.0.0.472560

Depends:

vmkapi_2_0_0_0

com.vmware.driverAPI-9.2.0.0

Conflicts:

Replaces:

scsi-stec-s1120 << 2.2.1.0192-1OEM.500.0.0.472560

Software Tags: ['driver', 'module']

MaintenanceMode: remove/update: True, installation: True

Signed: False

AcceptanceLevel: certified

LiveInstallAllowed: False

LiveRemoveAllowed: False

CimomRestart: False

StatelessReady: True

Overlay: False

Payloads:

Name Type Boot Size Checksums

scsi-ste vgz 0 37171 sha-256 ebf018f0cfbdfdb4d29949b84c9e2e08513e531288535c8bc7d14f26055ba034

sha-1 83a195554626bfee7b05ea61a580b1c23266ce6e

workbench:~/x509cert #

P.S. I am trying to sign the my .vib on the workbench with workbench's private key.

Regards,

Royy

All

The VIB acceptance level (certified) doesn't match the signing certificate.