virtualbox.org

[adrelanos]

Says application is not signed. See screenshot below.



I am creating appliances, i.e. ova images and would like to sign them. How to do that?

Related things I found but didn't answer this:
- viewtopic.php?f=8&t=80888
- https://www.virtualbox.org/ticket/15666

[socratis]

The thread title has two different parts in it: 1) Host to sign an OVA, 2) What you're trying to import is not signed.

For part 2, the thread you referred to has already the answers, no need to repeat them here again.

For part 1, are you asking how to sign an OVA that you export? Because I don't see an Export dialog, I see an Import dialog.

[dry]

I'm also interested in / if

1. Vbox now allows to sign ova (or ovf..) files automatically, without you going through some console external tools such as openssl, etc. and then packaging ova files yourself
2. If Vbox appliance import actually checks ova / ovf provided been signed. (I never seen such, and I've imported few of my own un-signed ova appliances).

[socratis]

Vbox now allows to sign ova (or ovf..) files automatically, without you going through some console external tools such as openssl, etc. and then packaging ova files yourself

I have not seen a "Sign OVA" tool, and if one is out there, I don't seem to find anything related in the documentation, maybe I'm missing something...

If Vbox appliance import actually checks ova / ovf provided been signed. (I never seen such, and I've imported few of my own un-signed ova appliances).

That is something of a great mystery I guess. We suspect that there are signed OVAs out there, but (like you) I've yet to encounter one.

[dry]

The tool you brought up, is part of VmWare software, and I have used it, but, I found no point for VBox application as it does not / did not check that ovf/ova was signed, in question.
Leaving you to do it externally / manually, which I , find, kinda pointless, to an extent.

[socratis]

dry,
I think I'm missing something...

The tool you brought up, is part of VmWare software

*I* didn't bring up anything, it was you that said:

Vbox now allows to sign ova (or ovf..) files automatically

And when I said that I haven't seen this capability in VirtualBox, you reply with a VMWare tool!

Leaving you to do it externally / manually, which I , find, kinda pointless, to an extent.

Nah... My interest in encrypting and signing OVAs (or anything else) is purely academical. I've never used it in reality, neither I plan to on my daily workflow...

[dry]

Ah sorry !

I have not seen a "Sign OVA" tool, a

Somehow I read that as I've seen the tool.. bla I'm tired today. sorry. (There is/was such tool in VmWare, but it's just not of much use using with VBox )