Says application is not signed. See screenshot below.
I am creating appliances, i.e. ova images and would like to sign them. How to do that?
Related things I found but didn't answer this:
- viewtopic.php?f=8&t=80888
- https://www.virtualbox.org/ticket/15666
How to sign ova appliance? - application is not signed.
-
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: How to sign ova appliance? - application is not signed.
The thread title has two different parts in it: 1) Host to sign an OVA, 2) What you're trying to import is not signed.
For part 2, the thread you referred to has already the answers, no need to repeat them here again.
For part 1, are you asking how to sign an OVA that you export? Because I don't see an Export dialog, I see an Import dialog.
For part 2, the thread you referred to has already the answers, no need to repeat them here again.
For part 1, are you asking how to sign an OVA that you export? Because I don't see an Export dialog, I see an Import dialog.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
-
- Posts: 45
- Joined: 6. Aug 2019, 14:27
- Primary OS: Fedora other
- VBox Version: OSE other
- Guest OSses: Linux
Re: How to sign ova appliance? - application is not signed.
I'm also interested in / if
1. Vbox now allows to sign ova (or ovf..) files automatically, without you going through some console external tools such as openssl, etc. and then packaging ova files yourself
2. If Vbox appliance import actually checks ova / ovf provided been signed. (I never seen such, and I've imported few of my own un-signed ova appliances).
1. Vbox now allows to sign ova (or ovf..) files automatically, without you going through some console external tools such as openssl, etc. and then packaging ova files yourself
2. If Vbox appliance import actually checks ova / ovf provided been signed. (I never seen such, and I've imported few of my own un-signed ova appliances).
-
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: How to sign ova appliance? - application is not signed.
I have not seen a "Sign OVA" tool, and if one is out there, I don't seem to find anything related in the documentation, maybe I'm missing something...dry wrote:Vbox now allows to sign ova (or ovf..) files automatically, without you going through some console external tools such as openssl, etc. and then packaging ova files yourself
That is something of a great mystery I guess. We suspect that there are signed OVAs out there, but (like you) I've yet to encounter one.dry wrote:If Vbox appliance import actually checks ova / ovf provided been signed. (I never seen such, and I've imported few of my own un-signed ova appliances).
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
-
- Posts: 45
- Joined: 6. Aug 2019, 14:27
- Primary OS: Fedora other
- VBox Version: OSE other
- Guest OSses: Linux
Re: How to sign ova appliance? - application is not signed.
The tool you brought up, is part of VmWare software, and I have used it, but, I found no point for VBox application as it does not / did not check that ovf/ova was signed, in question.
Leaving you to do it externally / manually, which I , find, kinda pointless, to an extent.
Leaving you to do it externally / manually, which I , find, kinda pointless, to an extent.
-
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: How to sign ova appliance? - application is not signed.
dry,
I think I'm missing something...
I think I'm missing something...
*I* didn't bring up anything, it was you that said:dry wrote:The tool you brought up, is part of VmWare software
And when I said that I haven't seen this capability in VirtualBox, you reply with a VMWare tool!dry wrote:Vbox now allows to sign ova (or ovf..) files automatically
Nah... My interest in encrypting and signing OVAs (or anything else) is purely academical. I've never used it in reality, neither I plan to on my daily workflow...dry wrote:Leaving you to do it externally / manually, which I , find, kinda pointless, to an extent.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
-
- Posts: 45
- Joined: 6. Aug 2019, 14:27
- Primary OS: Fedora other
- VBox Version: OSE other
- Guest OSses: Linux
Re: How to sign ova appliance? - application is not signed.
Ah sorry !
Somehow I read that as I've seen the tool.. bla I'm tired today. sorry. (There is/was such tool in VmWare, but it's just not of much use using with VBox )I have not seen a "Sign OVA" tool, a
-
- Posts: 3
- Joined: 7. Feb 2019, 17:59
Re: How to sign ova appliance? - application is not signed.
I think the point would be: for the operator to be sure that the appliance they are about to import is from a trusted source (signed). If they don't care, they bypass the notification and import anyway, but if they expect an appliance to be signed and it isn't then they know that the appliance they were about to deploy is suspect / untrusted.dry wrote:The tool you brought up, is part of VmWare software, and I have used it, but, I found no point for VBox application as it does not / did not check that ovf/ova was signed, in question.
Leaving you to do it externally / manually, which I , find, kinda pointless, to an extent.
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: How to sign ova appliance? - application is not signed.
Or simply - not signed, as would be expected for the vast majority of user exported OVA files I suggest.UhostWguest wrote:then they know that the appliance they were about to deploy is suspect / untrusted.
Evidently VMWare has added the ability to sign your OVA files, but I have no idea who actually uses that feature unless it was (say) RedHat signing an official release of RHLinux downloaded from their website. I can't see Oracle for example agreeing to use their certificates to sign OVAs just because they were created in VirtualBox. Certainly I know I would get short shrift if I asked Microsoft to sign my executables because they were created in Visual Studio.
And yes, using an external sign tool to sign OVAs is exactly what would expect: it is precisely what I have to do when signing executables.
Re: How to sign ova appliance? - application is not signed.
related VirtualBox bug reports:
* VirtualBox 5.1.0 and 5.1.2 fails to import digitally signed appliance (OVA file)
* Ova/Ovf Signature Verification Issue
VirtualBox bug report written just now:
create appliance signing feature or deprecate the feature (Application is not signed.)
* VirtualBox 5.1.0 and 5.1.2 fails to import digitally signed appliance (OVA file)
* Ova/Ovf Signature Verification Issue
VirtualBox bug report written just now:
create appliance signing feature or deprecate the feature (Application is not signed.)