
Sign OVA and OVF files with ovftool using PKCS11 library

The following instructions will guide you through signing an Open Virtualization Format (OVF) or Open Virtualization Application or Appliance (OVA) file.

Prerequisites

Signing instructions

  1. Save DC1-OVA-Signer.sh and the OVA or OVF file you want to sign in the same directory.

  2. Open DC1-OVA-Signer.sh in an IDE or plain text editor.

  3. Paste your certificate, in plain text, on line 49.

    Line 49 should be the empty line between the BEGIN CERTIFICATE and END CERTIFICATE markers:

    cat > Code_Signing_Certificate.crt << EOF1
    -----BEGIN CERTIFICATE-----
    
    -----END CERTIFICATE-----
    EOF1
  4. Save the file.

  5. Run the file.

  6. Make the script executable using:

    chmod +x DC1-OVA-Signer.sh
  7. Follow the prompts. You will be required to input the following:

    1. Your keypair alias

      Example:

      Provide the keypair alias of the code signing certificate: keypair2048
    2. Your keypair ID

      Example:

      Provide the keypair ID of the code signing certificate: 785b9935-c8f6-4ca6-b4f2-04d585eea8d5
    3. The index number next to the file you want to sign.

      Example:

      Select the OVA or OVF file to be digitally signed: 6
  8. A manifest file will be created.

  9. Enter Y to list the default certificate for the keypair you specified.

  10. Enter Y if the default certificate is correct.

  11. Select Y if you want to create the OVA package or N to exit.

  12. You will receive confirmation that the file has been signed.
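
To double-check the manifest from step 8 once signing has finished, the following added example (not part of DC1-OVA-Signer.sh or ovftool) recomputes every digest listed in the .mf file and compares it with the files next to it. It assumes the package is an OVF directory or an OVA already extracted with tar, and that sha1sum, sha256sum and sha512sum are installed; the function names and sample file names are hypothetical. It checks digests only and does not validate the signature over the manifest.

```shell
#!/bin/sh
# Added example (not part of DC1-OVA-Signer.sh): recompute the digests in an
# OVF manifest. Manifest lines look like:  SHA256(appliance.ovf)= <hex digest>

# verify_ovf_manifest MANIFEST -> 0 only if every entry matches a file beside it
verify_ovf_manifest() {
    mf=$1; dir=$(dirname "$mf"); rc=0; checked=0
    pat='^\(SHA[0-9]*\)(\(.*\))= *\([0-9A-Fa-f][0-9A-Fa-f]*\)$'
    [ -r "$mf" ] || { echo "cannot read manifest: $mf" >&2; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')      # tolerate CRLF manifests
        [ -n "$line" ] || continue
        algo=$(printf '%s\n' "$line" | sed -n "s/$pat/\1/p")
        name=$(printf '%s\n' "$line" | sed -n "s/$pat/\2/p")
        want=$(printf '%s\n' "$line" | sed -n "s/$pat/\3/p" | tr 'A-F' 'a-f')
        case $algo in
            SHA1)   tool=sha1sum ;;
            SHA256) tool=sha256sum ;;
            SHA512) tool=sha512sum ;;
            *) echo "MALFORMED: $line" >&2; rc=1; continue ;;
        esac
        # Entries must name files inside the package directory, never a path.
        case $name in
            */*) echo "UNSAFE NAME: $name" >&2; rc=1; continue ;;
        esac
        checked=$((checked + 1))
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING: $name" >&2; rc=1; continue
        fi
        got=$("$tool" < "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then echo "OK: $name"
        else echo "MISMATCH: $name" >&2; rc=1; fi
    done < "$mf"
    [ "$checked" -gt 0 ] || { echo "no entries in $mf" >&2; return 1; }
    return "$rc"
}

# make_sample_package DIR: constructed sample files plus a matching manifest
make_sample_package() {
    printf '<Envelope/>\n' > "$1/sample.ovf"
    printf 'constructed disk bytes\n' > "$1/sample-disk1.vmdk"
    for f in sample.ovf sample-disk1.vmdk; do
        printf 'SHA256(%s)= %s\r\n' "$f" "$(sha256sum < "$1/$f" | cut -d' ' -f1)"
    done > "$1/sample.mf"
}

# Usage: sh verify-manifest.sh /path/to/extracted/package/appliance.mf
if [ "$#" -gt 0 ]; then verify_ovf_manifest "$1"; fi
```

A non-zero exit means at least one listed file is missing, changed after the manifest was written, or named with a path component.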