vSphere VIB signing related updates
Article ID: 344877
Updated On:
Products
VMware vSphere ESXi
Issue/Introduction
This article provides information on VIB signing related changes to vSphere users who get their VIBs signed/certified by VMware.
Environment
VMware vSphere 6.x
Resolution
There are signing-related actions taken to align NIAP compliance and streamline the signing process. Effective vSphere 6.7 U2 and later, VIBs signed with keys that are expired on or after July 19th, 2019 will not be installed on vSphere. All partners are advised to cease signing any VIBs with their existing keys and submit their VIBs to VMware for signing.
Also, in preparation for handling valid certificates across ESX releases, VMware is dual-signing the VIBs. In the case of vSphere 6.x and 7.x releases, you will see an ESXi log message that states: "Could not find a trusted signer" for one of the certificates used to sign the VIB, this is expected. The other certificate is still valid and will allow the successful installation of the VIB.
Also, in preparation for handling valid certificates across ESX releases, VMware is dual-signing the VIBs. In the case of vSphere 6.x and 7.x releases, you will see an ESXi log message that states: "Could not find a trusted signer" for one of the certificates used to sign the VIB, this is expected. The other certificate is still valid and will allow the successful installation of the VIB.
Feedback
Yes
No
Powered by
