vSphere VIB signing related updates
search cancel

vSphere VIB signing related updates

book

Article ID: 344877

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

This article provides information on VIB signing related changes to vSphere users who get their VIBs signed/certified by VMware.

Environment

VMware vSphere 6.x

Resolution

There are signing-related actions taken to align NIAP compliance and streamline the signing process. Effective vSphere 6.7 U2 and later, VIBs signed with keys that are expired on or after July 19th, 2019 will not be installed on vSphere. All partners are advised to cease signing any VIBs with their existing keys and submit their VIBs to VMware for signing.

Also, in preparation for handling valid certificates across ESX releases, VMware is dual-signing the VIBs. In the case of vSphere 6.x and 7.x releases, you will see an ESXi log message that states:  "Could not find a trusted signer" for one of the certificates used to sign the VIB, this is expected. The other certificate is still valid and will allow the successful installation of the VIB.