VMware – The OVF package is invalid and cannot be deployed

Send Us a Sign! (Contact Us!)


During a VM migration on a VMware ESX infrastructure, using OVA/OVF formats, VMware importing process could be difficult due to the possibility to deploy the OVF/OVA package, and the vSphere Client fails.

You could see the following error in the vSphere Client Console and during the importing wizard:

The OVF package is invalid and cannot be deployed.
The following manifest file entry (line 1) is invalid: SHA256 (xxxxxxx.ovf).


This issue occurs because the vSphere Client does not support the SHA256 hashing algorithm, which the latest VIC OVA/OVF was made of.

It also affects any OVA/OVF deployments via PowerCLI when using the Get-Ovf Configuration cmdlet.


To resolve this issue, deploy the template OVA/OVF package via the vSphere Web Client or ESXi Embedded Host Client because both support SHA256.

However, if you still want to automate your deployments, you must convert the OVF/OVA from the Cryptographic Hash Algorithm SHA256 to SHA1.

To do this, you can use OVFTool which is available on all OS at: https://www.vmware.com/support/developer/ovf/.

To do the conversion, we will have to run the following command, that basically will spcify which hashing algorithm will be used for the new package OVA or OVF we have specified:

ovftool.exe --shaAlgorithm=SHA1 /path/to/the/original/ova_file.ova /path/to/the/new/ova/file-SHA1.ova

ovftool.exe --shaAlgorithm=SHA1 /path/to/the/original/ova_file.ovf /path/to/the/new/ova/file-SHA1.ovf

Once the process will be finished, you will be able to use the new OVA/OVF package generated with SHA1 for your future deployments without experiencing any format error.