Nexus 1000v with vSphere 6.5 (VCSA and ESXi-6.5)

Reuben Farrelly
Level 3

I'd like to start off some discussion about the Nexus1000v with vSphere 6.5 which has just been released.

I have successfully run up a test ESXi and VCSA server and am looking at installing the N1kv in this environment.  Note:  I have had success and understanding of this from running this under VCSA-6.0 and ESXi-6.0 so I have used these products before - but not yet under 6.5.

As of now the N1kv is not officially supported/validated on this release but I'd like to get as far as I can with installing it anyway.  It looks like the problems may be mostly just about packaging and installation process rather than binary incompatibility.

So far the issues I have had are:

1. There is no vib to install on ESXi-6.5, and the ESXi-6.0 vib fails to install:

[root@vmware-2:~] esxcli software vib install -v /vmfs/volumes/55023178-7d2b0288-46fb-a0369f00f4aa/cross_cisco-vem-v320-5.2.1.3.2.5.0-6.0.1.vib
[DependencyError]
VIB Cisco_bootbank_cisco-vem-v320-esx_5.2.1.3.2.5.0-6.0.1 requires esx-base = 6.0.0, but the requirement cannot be satisfied within the ImageProfile.
Please refer to the log file for more details.
[root@vmware-2:~]

Is there a way to force this vem to load?  I believe - but haven't tested - that this vib should be compatible with ESXi-6.5

2. With the vSphere Desktop client no longer supported or functional with VCSA 6.5, how can we import the cisco_nexus_1000v_extension.xml file with the embedded certificate into VCSA?

3. Has there been any indication from Cisco as to the timeframe or supportability and/or updates of the N1kv to allow it to work seamlessly with vSphere 6.5?


technolink
Level 1

Hopefully a newer version will be released soon...

In the release notes I see VMware 6.0 and later, so I suppose it should work, but in our testing it doesn't.

I think I've solved the first problem, here's how.  You will need a Linux (or Unix) system to do this though:

1. Extract the cross_cisco-vem-v320-5.2.1.3.2.5.0-6.0.1.vib file from the zip file within Nexus1000v.5.2.1.SV3.2.5-pkg.zip

2. Extract the vib file:

ar vx ../cross_cisco-vem-v320-5.2.1.3.2.5.0-6.0.1.vib

3. Edit the descriptor.xml file using vi or pico/nano etc:

(a) Update the version number from 5.2.1.3.2.5.0-6.0.1   to   5.2.1.3.2.5.0-6.5.0.  This isn't mandatory but it makes it easier to distinguish the fixed version from the Cisco partner version

(b) Update the section:   name="esx-base" relation="=" version="6.0.0" to instead read: name="esx-base" relation="=" version="6.5.0"

(c) Update the <acceptance-level>partner</acceptance-level> to instead be <acceptance-level>community</acceptance-level> .  This is because we cannot re-sign the package.

4. Delete the contents of sig.pkcs7 but leave the file in place.  It should then be a 0 byte file.

5. Wrap it all back up:

   ar -r cross_cisco-vem-v320-5.2.1.3.2.5.0-6.5.0.vib descriptor.xml sig.pkcs7 cisco-vem-v320-

NB: the order of the files in this command does matter, the descriptor.xml must come first.

As I haven't modified the actual binary vib itself there is no need to change the payloads or anything else in the descriptor.

6. Copy it to your host:

scp -p cross_cisco-vem-v320-5.2.1.3.2.5.0-6.5.0.vib root@vmware-2:/

7. Accept 'Community' supported vibs on the host:

esxcli software acceptance set --level=CommunitySupported

8. Install

esxcli software vib install -v /cross_cisco-vem-v320-5.2.1.3.2.5.0-6.5.0.vib

The process above works but I haven't yet been able to fully put everything together so this has only been very lightly tested.  But I can see the vemdpa and vemcmd-API processes running, and the vem status command runs and indicates that things are working.

I'm still working out how to get VCSA 6.5 to accept the .xml file with the certificate so that the VSM can talk to the VCSA again, but at least the installation of the VEMs on the end hosts now seems to be worked around.

I am hoping there may be a place on disk or a certificate repository where I can drop the (extracted) certificate from the xml file and add it as a trusted cert.  Still looking for that though.

Here's the decoded contents of the certificate in the xml file:

thunderstorm tmp # openssl x509 -in cisco_nexus_1000v_extension.xml-2 -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=CA, O=Cisco, OU=NexusCertificate, CN=Cisco_Nexus_1000V_938331362
Validity
Not Before: Apr 19 23:45:15 2015 GMT
Not After : Apr 16 23:45:15 2025 GMT
Subject: C=US, ST=CA, O=Cisco, OU=NexusCertificate, CN=Cisco_Nexus_1000V_938331362
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:d7:97:94:ae:e5:ff:88:7f:ef:c5:93:e2:80:49:
<snipped>

So it looks like a very standard 1024 bit x509 cert and I'm pretty sure that it's just a matter of somehow getting it in to VCSA via some other means.
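An added example (not from the thread, Cisco or VMware): a Python check that opens a VIB's ar container and reports the traits the repacking steps above leave behind, namely an empty sig.pkcs7, a community acceptance level, and the esx-base constraint. The sample descriptor is constructed; its element names other than acceptance-level, the function names and the payload1 member are assumptions.

```python
import xml.etree.ElementTree as ET
AR_MAGIC = b"!<arch>\n"

def read_ar(blob):
    """Parse a Unix ar archive (the VIB container) into {short member name: data}."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    members, pos = {}, len(AR_MAGIC)
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("bad ar member header")
        name = hdr[:16].decode("ascii").rstrip().rstrip("/") or "//"
        size = int(hdr[48:58].decode("ascii"))
        members[name] = blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)  # member data is padded to an even offset
    return members

def audit_vib(blob):
    """Report acceptance level, esx-base dependency and signature presence."""
    members = read_ar(blob)
    root = ET.fromstring(members["descriptor.xml"])
    level = next(((e.text or "").strip() for e in root.iter("acceptance-level")), None)
    base = next((e for e in root.iter() if e.get("name") == "esx-base"), None)
    signed = len(members.get("sig.pkcs7", b"")) > 0  # presence only, not verified
    findings = []
    if not signed:
        findings.append("sig.pkcs7 is missing or empty: package is unsigned")
    if level == "community":
        findings.append("acceptance level is community")
    elif not signed:
        findings.append("descriptor claims '%s' but carries no signature" % level)
    dep = (base.get("relation"), base.get("version")) if base is not None else None
    return {"version": root.findtext("version"), "acceptance": level,
            "esx_base": dep, "signed": signed, "findings": findings}

def build_ar(files):
    """Build an ar archive in memory; used only to construct the sample input."""
    out = AR_MAGIC
    for name, data in files:
        hdr = (name.encode() + b"/", 0, 0, 0, b"100644", len(data))
        out += b"%-16s%-12d%-6d%-6d%-8s%-10d`\n" % hdr + data + b"\n" * (len(data) & 1)
    return out

# Constructed sample descriptor; element names other than acceptance-level are assumed.
DESCRIPTOR = b"""<vib><name>cisco-vem-v320-esx</name><version>5.2.1.3.2.5.0-6.5.0</version>
<depends><constraint name="esx-base" relation="=" version="6.5.0"/></depends>
<acceptance-level>community</acceptance-level></vib>"""
SAMPLE_VIB = build_ar([("descriptor.xml", DESCRIPTOR), ("sig.pkcs7", b""), ("payload1", b"\x00bin")])
```

Run against a real file with `audit_vib(open(path, "rb").read())`; a non-empty findings list on a package that is supposed to be vendor-signed is a reason to compare it against the vendor's original.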

Could you maybe share the solution for how to install the certificate? I assume it's not possible anymore to do it in one run with the XML extension? I've managed to modify the XML based on the original nexus.xml, and invoking the method through the MOB works, but I'm still getting "ERROR: [VMWARE-VIM] I assume this has something to do with a missing certificate?

I never actually worked out how to import the certificate either.  I was able to tweak the XML file and import that, but like you, I couldn't work out how to get the certificate to install.

The only way around this that I found to work was to do an upgrade from 6.0 (even a blank 6.0 with just the .xml file installed was OK) and go to 6.5 - then it all worked and the certificate somehow remained installed.  I wasn't able to work out how to get the certificate in the system despite spending quite some time working with various certificate stores.

It would be useful if someone from Cisco was able to give us a bit more information about what they are planning and/or what timeframes are likely for this to be resolved properly rather than by some unsupported dirty tricks ;-)

Thanks for sharing, I was also looking into it and it seems it should be possible to import the certificate directly from the VCSA shell console. I'll share my findings if I manage to make it work.

Anyone able to test "Nexus1000v.5.2.1.SV3.2.8" with ESXi 6.5?

Thanks!

Not yet, will try it out as soon as I get my hands on it (strange problem with the download: it now requires an active contract) for the free Nexus 1000v? Though the release note does not say anything about 6.5 support. Anyway, I still didn't get the 2.5 to work with VCSA 6.5.

I reported the issue to the downloads support group (ent-dl@cisco.com) to fix the support entitlement requirement.  Opened it on Dec 7th and it's been escalated to their internal group, but so far no resolution.

vsum 2.1's out but still no 6.5 support.

We did try to deploy on vCenter VCSA 6.5 but it fails with supported version.

Hopefully the guys at cisco hurry up a bit and bring up compatible versions for both vsum and nexus 1000v very soon.

As most people the beta lasted some time and I suppose Cisco is also able to participate and test out things before a release. Is there any Cisco beta program for Nexus 1000v?

vSphere 6.5 What's New training material states that VMware has removed third party virtual switch support from vSphere 6.5 (in favor of VMware NSX business).

I have not seen this statement anywhere else so I'd take this information with a grain of salt as of now, but it may very well be that vSphere 6.0 is the last release supporting Nexus 1000v at all.

At the time of this writing, there is no support for 1000v on vCenter 6.5.

We are working on getting this supported currently.

Thanks,

Wes

Thanks Wes, will you support ESXi 6.5 also?

Hey Tomi,

We do support ESXi 6.5 on UCS, we just do not have support for 1000v on vCenter/ESXi 6.5 currently.

HTH,

Wes
