Learn why the ESXi error could not find a trusted signer appears during updates, its impact, and practical ways to resolve it quickly. Our Live Support team is always here to help you.
ESXi Error Could Not Find a Trusted Signer – Causes, Impacts, and How to Resolve
When managing VMware environments, you may come across the ESXi error could not find a trusted signer during upgrades or when installing a VIB (vSphereInstallation Bundle). This error is linked to digital signature verification failures and often interrupts updates, leaving administrators frustrated. Let’s look at why it happens, how it affects your system, and what can be done to address it.
An Overview
How the Error Appears
The error usually comes in the following format:
[InstallationError] ('VIB_name', 'Could not find a trusted signer.')
Examples 1:
[InstallationError] ('VMware_bootbank_lsuv2-hpv2-hpsa-plugin_1.0.0-2vmw.700.1.0.15843807', 'Could not find a trusted signer.')
Example 2:
[InstallationError] ('INT_bootbank_ixgben_1.8.7-1OEM.670.0.0.8169922', 'Could not find a trusted signer.')
Why It Matters
- Upgrade or Update Failure – You cannot install new or updated VIBs.
- Security Risks – Unverified software may slip through if ignored.
- System Stability Issues – Patches and fixes fail, leading to performance problems.
Common Reasons and Practical Resolutions
- Expired or Invalid Certificates
Certificates can expire, especially those signed with keys that became invalid after July 19, 2019 (NIAP compliance).
- Use –no-sig-check (with caution):
esxcli software profile update -p VMware-ESXi-6.7.0-17700523-Custom-Cisco-6.7.3.1-Bundle -d /vmfs/volumes/datastore1/OVA-ISO/VMware/VMware-ESXi-6.7.0-17700523-Custom-Cisco-6.7.3.1-Bundle.zip --no-sig-check
- Keep ESXi updated to handle expired certificates better.
- Missing Trusted Certificates
If the ESXi host lacks the right trusted certificates, validation fails.
- Update or import the latest trusted certificates into the host’s certificate store.
- Outdated ESXi Version
Older versions might not support new signing methods.
- Upgrade the ESXi host:
esxcli software profile update -p VMware-ESXi-7.0.0-15843807-standard -d /vmfs/volumes/datastore1/VMware-ESXi-7.0.0-15843807-depot.zip
- Incorrect Date and Time
If the host clock is wrong, certificate checks can fail.
- Set date and time correctly:
date -s "YYYY-MM-DD HH:MM:SS"
esxcli system ntp set --servers <NTP_SERVER_IP>
- Certificate Not Yet Valid
Sometimes the certificate isn’t valid yet if the system time is ahead of its start date.
Adjust the time so it falls within the certificate’s valid range:
date -s "YYYY-MM-DD HH:MM:SS"
esxcli system ntp set --servers <NTP_SERVER_IP>
Preventing Future Issues
- Regularly refresh trusted certificates on the host.
- Always download VIBs from official and reputable sources.
- Monitor certificate expiry dates to avoid update failures.
- Use automated tools like vSphere Update Manager to manage updates smoothly.
[If needed, Our team is available 24/7 for additional assistance.]
Conclusion
The ESXi error could not find a trusted signer can interrupt critical updates, but with the right approach, checking certificates, keeping ESXi current, and verifying time settings, it can be resolved effectively. Regular maintenance and proactive certificate management will ensure your VMware environment stays secure and reliable.
0 Comments