During a VM migration on a VMware ESX infrastructure, using OVA/OVF formats, VMware importing process could be difficult due to the possibility to deploy the OVF/OVA package, and the vSphere Client fails.
You could see the following error in the vSphere Client Console and during the importing wizard:
The OVF package is invalid and cannot be deployed. The following manifest file entry (line 1) is invalid: SHA256 (xxxxxxx.ovf).
Cause
This issue occurs because the vSphere Client does not support the SHA256 hashing algorithm, which the latest VIC OVA/OVF was made of.
It also affects any OVA/OVF deployments via PowerCLI when using the Get-Ovf Configuration cmdlet.
Resolution
To resolve this issue, deploy the template OVA/OVF package via the vSphere Web Client or ESXi Embedded Host Client because both support SHA256.
However, if you still want to automate your deployments, you must convert the OVF/OVA from the Cryptographic Hash Algorithm SHA256 to SHA1.
To do this, you can use OVFTool which is available on all OS at: https://www.vmware.com/support/developer/ovf/.
To do the conversion, we will have to run the following command, that basically will spcify which hashing algorithm will be used for the new package OVA or OVF we have specified:
ovftool.exe --shaAlgorithm=SHA1 /path/to/the/original/ova_file.ova /path/to/the/new/ova/file-SHA1.ova
Or:
ovftool.exe --shaAlgorithm=SHA1 /path/to/the/original/ova_file.ovf /path/to/the/new/ova/file-SHA1.ovf
Once the process will be finished, you will be able to use the new OVA/OVF package generated with SHA1 for your future deployments without experiencing any format error.