The OVF package is invalid and cannot be deployed - SHA256 Error

"The OVF package is invalid and connot be deployed" 


  • Deploying the OVA via the vSphere Client fails
  • You receive this error:

The OVF package is invalid and cannot be deployed

The following manifest file entry (line 1) is invalid: SHA256 (xxxxxxxx.ovf)


This issue occurs because the vSphere Client does not support the SHA256 hashing algorithm, which the VIC OVA was made of. This also affects any OVA deployments via PowerCLI when using the Get-Ovf-Configuation cmdlet.


To resolve this issue, deploy vIC via the vSphere Web Client or ESXI Embedded Host Client because they both support SHA256.

However, if you still want to automate your deployments, you must convert the OVA from the Crypotographic Has Algorithm SHA256 to SHA1.

To do this, you can use OVFTool which is available for all OS's at:

To do the conversion, run the following command (NOTE: the OVFTool does not install on the OS. You must run an elevated command prompt from the folder that contains the OVFTool):

ovftool.exe --shaAlgorithm=SHA1 /path/to/the/original/ova_file.ova /path/to/the/new/ova/file-SHA1.ova

You can now use the new OVA generated with SHA1 for your future deployments without experiencing any format errors.