"The OVF package is invalid and cannot be deployed" error when deploying the WAF OVA
12/20/2019 15 17987
NOTE: ESXi server versions before 6.5.0 do not support OVF/OVA files with a SHA256 hash.
VMware provides a tool to convert the OVA to SHA1 and allow installation on these older ESXi systems.
The failure is indicated with an error pop up: "The OVF package is invalid and cannot be deployed"
"The following manifest file entry (line 1) is invalid: SHA256(SonicWall_WAF_2_0.0.0-17waf.ova)=..."
This OVA was released with a SHA256 hash. This is the current standard practice for all applications.
NOTE: The 6.0.0 and 5.5.0 versions of ESXi do not support SHA256 and require the OVA to be hashed with SHA1.
Convert the SHA256 OVA to a SHA1 hashed OVA.
VMware upgraded the default hash algorithm to SHA256 for OVA generation. The older vSphere/ESXi clients only support the SHA1 hash.
The conversion is documented in a KB article from VMware: https://kb.vmware.com/s/article/2151537.
To download OVF Tool, please visit:Open Virtualization Format Tool.When installed on a Windows machine the ovftool.exe is not added to the path so it needs to be executed in the directory where it is installed.
NOTE: The above link, to download ovftool.exe, is on a VMware company web page. It may change. If the link becomes broken, navigate to VMware site (https://www.vmware.com/)and search for ovftool to download .)
EXAMPLE:The process to convert an OVA to SHA1 for compatibility with the 6.0 and 5.5 vSphere or ESXi systems:
Open a CMD window (as administrator)
cd C:\Program Files\VMware\VMware OVF Tool
ovftool.exe --shaAlgorithm=SHA1 C:\Users\username\Downloads\SonicWall_WAF_2_0.0.0-17waf.ova C:\Users\username\Downloads\SonicWall_WAF_2_0.0.0-17waf-SHA1.ova