USM Anywhere™

The OVF Package Is Invalid and Cannot Be Deployed - SHA256 Error

You can get an error during the VMware Open Virtualization Format (OVF) deployment with certain older versions of VMWare (sub 6). This is due to the legacy SHA changes that were made by VMware.

You can also receive this error when deploying the VMware Open Virtual Appliance (OVA) via the VMware vSphere Client fails:

The OVF package is invalid and cannot be deployed.

The following manifest file entry (line 1) is invalid: SHA256 (xxxxxxxx.ovf).

This issue occurs because the vSphere Client does not support the SHA256 hashing algorithm, which the vSphere Integrated Containers (VIC) OVA was made of. This also affects any OVA deployments via VMware PowerCLI when using the Get-Ovf-Configuration cmdlet.

To resolve this issue, deploy vIC via the vSphere Web Client or VMware ESXI Embedded Host Client because they both support SHA256. However, if you still want to automate your deployments, you must convert the OVA from the Cryptographic Has Algorithm SHA256 to SHA1. To do this, you can use OVF Tool, which is available for all operating systems (OSes) at

To do the conversion, run the following command:

ovftool.exe --shaAlgorithm=SHA1 /path/to/the/original/ova_file.ova /path/to/the/new/ova/file-SHA1.ova

Note: The OVF Tool doesn't install on the OS. You must run an elevated command prompt from the folder that contains the OVF Tool.

Important: If you need more information, contact AT&T Cybersecurity Technical Support for assistance.