Sign OVA and OVF files with ovftool using PKCS11 library
The following instructions will guide you through signing an Open Virtualization Format (OVF) or Open Virtualization Application or Appliance (OVA) file.
Prerequisites
Configure OpenSSL for signing with DigiCert® Software Trust Manager
Provide your certificate in plain text
Provide your keypair alias
Provide your keypair ID
OVA or OVF file that needs to be signed
Signing instructions
Save DC1-OVA-Signer.sh and the OVA or OVF file you want to sign in the same directory.
Open DC1-OVA-Signer.sh in an IDE or plain text editor.
Paste your certificate in plain text in line 49.
Line 49 should be an empty line between begin and end certificate.
cat > Code_Signing_Certificate.crt << EOF1
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
EOF1
Save the file.
Run the file.
Make the script executable using:
chmod +x DC1-OVA-Signer.sh
Follow the prompts. You will be required to input the following:
Your keypair alias
Example:
Provide the keypair alias of the code signing certificate: keypair2048
Your keypair ID
Example:
Provide the keypair ID of the code signing certificate: 785b9935-c8f6-4ca6-b4f2-04d585eea8d5
The index number next to the file you want to sign.
Example:
Select the OVA or OVF file to be digitally signed: 6
A manifest file will be created.
Enter Y to list the default certificate for the keypair you specified.
Enter Y if the default certificate is correct.
Select Y if you want to create the OVA package or N to exit.
You will receive confirmation that the file has been signed.
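Added example, not part of DC1-OVA-Signer.sh or DigiCert's documentation: a check you can run after signing to confirm that every digest in the manifest file still matches the file it names. It assumes manifest lines use the OVF form "SHA256(<file>)= <hex digest>" and that sha256sum is installed; the function names and the appliance.* sample files are hypothetical and constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not part of DC1-OVA-Signer.sh). Assumes manifest lines use the
# OVF form "SHA256(<file>)= <hex digest>" and that sha256sum is installed.

verify_ovf_manifest() {   # hypothetical helper: $1 = path to the .mf file
    mf=$1; dir=$(dirname -- "$mf"); status=0; checked=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')
        [ -z "$line" ] && continue
        case $line in
            'SHA256('*')='*) ;;
            *) echo "UNSUPPORTED: $line" >&2; status=1; continue ;;
        esac
        name=${line#'SHA256('}; name=${name%%')='*}
        want=${line##*')='}
        want=$(printf '%s' "$want" | tr -d ' ' | tr 'A-F' 'a-f')
        case $name in   # entries must name files beside the manifest
            */*|..) echo "REJECTED: $name" >&2; status=1; continue ;;
        esac
        [ -f "$dir/$name" ] || { echo "MISSING: $name" >&2; status=1; continue; }
        got=$(sha256sum -- "$dir/$name" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then echo "OK: $name"
        else echo "MISMATCH: $name" >&2; status=1; fi
    done < "$mf"
    [ "$checked" -gt 0 ] || status=1   # an empty manifest proves nothing
    return "$status"
}

make_constructed_package() {   # builds sample (constructed) files in $1
    printf 'constructed descriptor\n' > "$1/appliance.ovf"
    printf 'constructed disk\n' > "$1/appliance-disk1.vmdk"
    for f in appliance.ovf appliance-disk1.vmdk; do
        printf 'SHA256(%s)= %s\n' "$f" "$(sha256sum "$1/$f" | cut -d' ' -f1)"
    done > "$1/appliance.mf"
}

tmp=$(mktemp -d)
make_constructed_package "$tmp"
verify_ovf_manifest "$tmp/appliance.mf" && echo "intact package: pass"
printf 'tampered\n' >> "$tmp/appliance-disk1.vmdk"
verify_ovf_manifest "$tmp/appliance.mf" 2>/dev/null || echo "modified disk: detected"
rm -rf "$tmp"
```

For an OVA, extract the tar archive first and point the function at the extracted .mf file. This checks file digests only; it does not validate the signature over the manifest or the certificate chain.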