When attempting to install VIBs on ESXi hosts with TPM and Secure Boot enabled, the installation fails with certificate verification errors. This affects the deployment of third-party software components that require VIB installation.

• ESXi hosts with TPM enabled
• Secure Boot enabled
• Third-party software components requiring VIB installation
• ESXi 7.0 and later versions
• VIB installation attempts fail
• Error messages indicate certificate verification failures
• Image profile staging fails with trusted signer errors
• Typical error message: "Could not find a trusted signer: unable to get local issuer certificate"

When TPM and Secure Boot are enabled on ESXi hosts, they require VIBs to be signed with VMware-approved certificates. Unsigned VIBs or VIBs signed with non-VMware-approved certificates cannot be installed in this secure configuration.

For software vendors and developers:

1. Join the TAP (Technology Alliance Partner) program
   1. Visit the TAP program portal
   2. Complete the certification process for the VIBs
   3. Obtain proper VMware signing for these components

For system administrators:

1. Verify that the software vendor has properly signed VIBs:
   1. Request confirmation of VMware certification
   2. Ensure software is the certified version
   3. If installation still fails:
      1. Collect the VIB installation logs
      2. Contact the software vendor's support
      3. Provide the error messages and logs

Note: Disabling TPM or Secure Boot is not recommended as it compromises system security.

• Understanding Acceptance Levels for VIBS and Hosts
• vCenter Server and ESXi Security Best Practices and Resources
• Securing ESXi Hosts with Trusted Platform Module