When using cot on a system with python 2.7.13 and openssl 1.1.0f-3+deb9u1 I receive the following error message when deploying a Cisco CSR1000v:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)
The appliance deploys successfully via cot / ovftool, and then cot begins the "Fixing up serial ports on deployed VM..." -- that's when the error message appears.
This same process works fine on another system with python 2.7.4 and openssl 1.0.1e. Google searches on this indicate that other python developers have hit similar snags with various combinations of python and openssl versions, although I'm not entirely clear on what the fix is. :) I don't have an option to downgrade openssl or python on the new system, so I'm hoping this is an easy code tweak...
This is the full command I'm using:
/usr/local/bin/cot -v -f deploy csr1000v-universalk9.16.06.01-4nics.ova.tmp.ova esxi vc1exc02m.c4e-internal.c4e.ops/Net20-EXC02m/host/MGMT-20XC2EXC02-CL1/vm01cl1vc1ag1exc02m.c4e-internal.c4e.ops -u 'administrator@vsphere.local' -p 'xxxxxxxx' -n "cr120XC2" -d 'EXC02_NTNX-DSF_CL1STD_1' -N "GigabitEthernet3=vl91dvs1lg1ag1EXC02m" -N "GigabitEthernet1=vl2dvs1lg1ag1EXC02m" -N "GigabitEthernet2=vl11dvs1lg1ag1EXC02m" -N "GigabitEthernet4=tr2dvs1lg1ag1_transit_vlans_EXC02m" -S "telnet://:7501,server" -o="--noSSLVerify --acceptAllEulas"
Any insight or suggestions are most appreciated.
When using cot on a system with python 2.7.13 and openssl 1.1.0f-3+deb9u1 I receive the following error message when deploying a Cisco CSR1000v:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)
The appliance deploys successfully via cot / ovftool, and then cot begins the "Fixing up serial ports on deployed VM..." -- that's when the error message appears.
This same process works fine on another system with python 2.7.4 and openssl 1.0.1e. Google searches on this indicate that other python developers have hit similar snags with various combinations of python and openssl versions, although I'm not entirely clear on what the fix is. :) I don't have an option to downgrade openssl or python on the new system, so I'm hoping this is an easy code tweak...
This is the full command I'm using:
/usr/local/bin/cot -v -f deploy csr1000v-universalk9.16.06.01-4nics.ova.tmp.ova esxi vc1exc02m.c4e-internal.c4e.ops/Net20-EXC02m/host/MGMT-20XC2EXC02-CL1/vm01cl1vc1ag1exc02m.c4e-internal.c4e.ops -u 'administrator@vsphere.local' -p 'xxxxxxxx' -n "cr120XC2" -d 'EXC02_NTNX-DSF_CL1STD_1' -N "GigabitEthernet3=vl91dvs1lg1ag1EXC02m" -N "GigabitEthernet1=vl2dvs1lg1ag1EXC02m" -N "GigabitEthernet2=vl11dvs1lg1ag1EXC02m" -N "GigabitEthernet4=tr2dvs1lg1ag1_transit_vlans_EXC02m" -S "telnet://:7501,server" -o="--noSSLVerify --acceptAllEulas"
Any insight or suggestions are most appreciated.