A valid OVF signature requires two special
files, a manifest (.mf) file that
contains the SHA hash codes of all the files in the package (except the
.mf and
.cert files), and a certificate
file (.cert) that contains the
signed SHA of the manifest file and the X.509 encoded certificate. This
appendix specifies how to use OpenSSL and VMware OVF Tools commands to sign and
validate OVF packages.