Hi All-- I'm trying to add the Cisco Nexus VIBs to the HP Customized zip bundle for 5.0U1 downloaded directly from VMware's downloads but I'm getting the "Export-EsxImageProfile : Could not find a trusted signer" error.
Below are my steps. Any help?
1) Download HP's Customized Image Profile ZIP from VMware's Website
2) Open PowerCLI
3) $DeployNoSignatureCheck=$true
4) Add-EsxSoftwareDepot .\VMware-ESXi-5.0.0-Update1-623860-HP-5.20.43.zip
5) New-EsxImageProfile -CloneProfile HP-ESXi-5.0.1-standard -Name HP-Cisco-ESXi-5.0.1-standard
6) Set-EsxImageProfile -Name HP-Cisco-ESXi-5.0.1-standard -AcceptanceLevel CommunitySupported
>HP-Cisco-ESXi-5.0.1-standard
7) Add-EsxSoftwareDepot -DepotURL https://hostupdate.vmware.com/software/VUM/PRODUCTION/csco-main/csco-depot-index.xml
😎 Add-EsxSoftwarePackage -imageprofile HP-Cisco-ESXi-5.0.1-standard cisco-vem-v140-esx
9) Compare-EsxImageProfile -ComparisonProfile HP-Cisco-ESXi-5.0.1-standard -referenceprofile HP-ESXi-5.0.1-standard
10) Export-EsxImageProfile -ImageProfile HP-Cisco-ESXi-5.0.1-standard -exporttobundle -filepath .\ESXi-5.0.1-HP-Cisco-623860.zip
Export-EsxImageProfile : Could not find a trusted signer.
At line:1 char:23
+ Export-EsxImageProfile <<<< -ImageProfile HP-Cisco-ESXi-5.0.1-standard -expo
rttobundle -filepath .\ESXi-5.0.1-HP-Cisco-623860.zip
+ CategoryInfo : NotSpecified: (:) [Export-EsxImageProfile], Soap
Exception
+ FullyQualifiedErrorId : System.Web.Services.Protocols.SoapException,VMwa
re.ImageBuilder.Commands.ExportProfile
That was mentioned in an older thread, but besides that mention I have no idea where it is documented.
On the latest PowerCLI build, the Export-EsxImageProfile now has a NoSignatureCheck switch.
Perhaps the switch replaces the variable ?
Can you try with the switch ?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Try doing
$DeployNoSignatureCheck=$true
before doing the Export-EsxImageProfile
I suspect, there is a FW or something that isn't allowing the cmdlet to reach the CA to verify the certificate.
Update: oops, I notice you already did that. Perhaps try doing it just before the Export-EsxImageProfile
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I tried running the
$DeployNoSignatureCheck=$true
just prior to the Export command and get the same result.
To be clear, I'm trying to inject the latest Cisco Nexus VIBs into the latest HP customized ZIP downloaded directly from VMware and create an HP-Customized ISO + Cisco VIB.
As far as you know, I should be able to do that, right?
Yes, that should work.
I'm just not sure which certificate will be verified.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
There is a problem with the current HP hpvsa driver package being incorrectly signed and causing the "Could not find a trusted signer" error.
Is this one by chance included in the VMware-ESXi-5.0.0-Update1-623860-HP-5.20.43.zip bundle?
- Andreas
To answer my own question: yes, it is.
If you do not need the hpvsa driver then remove the package from the custom image profile before exporting it by running
Remove-ESXSoftwarePackage -ImageProfile HP-Cisco-ESXi-5.0.1-standard -SoftwarePackage scsi-hpvsa
Luc,
where is the $DeployNoSignatureCheck thing documented?
I already read a lot about the ImageBuilder snapin, but have not yet stumbled over this?!
- Andreas
That was mentioned in an older thread, but besides that mention I have no idea where it is documented.
On the latest PowerCLI build, the Export-EsxImageProfile now has a NoSignatureCheck switch.
Perhaps the switch replaces the variable ?
Can you try with the switch ?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I'll try both the switch via the export command and the removal of the hpvsa & report back shortly.
Thanks for the suggestions.
Okay, so good news all the way around-- BOTH solutions actually worked.
If I re-ran my above process as-is but ONLY added the "-NoSignatureCheck" to the end of the export command, it worked just fine.
If I re-ran my above process as-is but removed the HPVSA mode (Remove-ESXSoftwarePackage -ImageProfile HP-Cisco-ESXi-5.0.1-standard -SoftwarePackage scsi-hpvsa), that ALSO worked- and I didn't need the "-NoSignatureCheck".
(Oh, and I didn't need CommunitySupported either)
Since we may have a bunch of new stand-alone hosts (ROBOs) that will have local storage in the near future, I decided to leave the HPVSA in and just used the -NoSignatureCheck.
Below are my complete working steps to get the the Cisco Nexus VIBs injected into the HP Customized Installer. Thanks all for the help!
1) Download HP's Customized Image Profile ZIP from VMware's Website
2) Open PowerCLI
3) Add-EsxSoftwareDepot .\VMware-ESXi-5.0.0-Update1-623860-HP-5.20.43.zip
4) New-EsxImageProfile -CloneProfile HP-ESXi-5.0.1-standard -Name HP-Cisco-ESXi-5.0.1-standard
5) Add-EsxSoftwareDepot -DepotURL https://hostupdate.vmware.com/software/VUM/PRODUCTION/csco-main/csco-depot-index.xml
6) Add-EsxSoftwarePackage -imageprofile HP-Cisco-ESXi-5.0.1-standard cisco-vem-v140-esx
7) Compare-EsxImageProfile -ComparisonProfile HP-Cisco-ESXi-5.0.1-standard -referenceprofile HP-ESXi-5.0.1-standard
😎 Export-EsxImageProfile -ImageProfile HP-Cisco-ESXi-5.0.1-standard -exporttobundle -filepath .\ESXi-5.0.1-HP-Cisco-623860.zip -NoSignatureCheck
9) Export-EsxImageProfile -ImageProfile HP-Cisco-ESXi-5.0.1-standard -exporttoiso -filepath .\ESXi-5.0.1-HP-Cisco-623860.iso -NoSignatureCheck