Skip to main content

Sign OVA and OVF files with ovftool using PKCS11 library

The following instructions will guide you through signing an Open Virtualization Format (OVF) or Open Virtualization Application or Appliance (OVA) file.


Signing instructions

  1. Save and the OVA or OVF file you want to sign in the same directory.

  2. Open in an IDE or plain text editor.

  3. Paste your certificate in plain text in line 49.

    Line 49 should be an empty line between begin and end certificate.

    cat > Code_Signing_Certificate.crt << EOF1
    -----END CERTIFICATE-----
  4. Save the file.

  5. Run the file.

  6. Make the script executable using:

    chmod +x
  7. Follow prompts, you will be required to input the following:

    1. Your keypair alias


      Provide the keypair alias of the code signing certificate: keypair2048
    2. Your keypair ID


      Provide the keypair ID of the code signing certificate: 785b9935-c8f6-4ca6-b4f2-04d585eea8d5
    3. The index number next to the file you want to sign.


      Select the OVA or OVF file to be digitally signed: 6
  8. A manifest file will be created.

  9. Enter Y to list the default certificate for the keypair you specified.

  10. Enter Y if the default certificate is correct.

  11. Select Y if you want to create the OVA package or N to exit.

  12. You will receive confirmation that the file has been signed.
