Hi Sean -- we are hesitant to replace the current OVA with one leveraging SHA-1 digests, because SHA-1 is no longer considered secure (it was dropped by VMware for good reason). Instead, I am including a script written for Linux, but also tested on Mac command line, which converts the SHA-256 OVA digests to SHA-1. Just run the code as an executable (chmod +x <filename>), and point it to your downloaded OVA file (cnmaestro_sha_convert <OVA file>). If this really doesn't work for you, then ping Rupam or I by private message, and we can look at providing access to the file generated by the script below.
#!/bin/bash -e
# Script to convert a cnMaestro OVA to SHA-1 digests
SOURCE=${1}
TMPDIR=cnmaestro_tmp
if [[ -z ${SOURCE} ]]; then
echo "Usage: ${0} <OVA file>"
exit 1
elif [[ ! -f ${SOURCE} ]]; then
echo "OVA file does not exist: ${SOURCE}"
exit 1
fi
OVF_FILE=$(tar tf ${SOURCE} | grep "\.ovf")
PREFIX=${OVF_FILE%.ovf}
rm -rf ./${TMPDIR}
mkdir -p ./${TMPDIR}
echo "Unpacking OVA file"
tar xvf ${SOURCE} -C ./${TMPDIR} > /dev/null
cd ${TMPDIR}
echo "Generating SHA-1 digests"
openssl dgst -sha1 ${PREFIX}.ovf > ${PREFIX}.mf
openssl dgst -sha1 ${PREFIX}-disk1.vmdk >> ${PREFIX}.mf
openssl dgst -sha1 ${PREFIX}-disk2.vmdk >> ${PREFIX}.mf
SHA1_FILE=${PREFIX}-sha1.ova
echo "Rebuilding OVA file: ${SHA1_FILE}"
tar cvf ${SHA1_FILE} ${PREFIX}.ovf ${PREFIX}.mf ${PREFIX}-disk*.vmdk* > /dev/null
echo "SHA-1 OVA: $(pwd)/${SHA1_FILE}"