Hello, I would like to ask you to confirm my understanding of singing the CSAR package
According to ETSI SOL004 Option 2: The complete CSAR file shall be digitally signed with the VNF provider private key. The VNF provider delivers one zip file consisting of the CSAR file, a signature file and a certificate file that includes the VNF provider public key. The certificate may also be included in the signature container, if the signature format allows that. I n example of CSAR with a signature would be highly appreciated , further I would think the following workflow to sign the package , would you please confirm those steps - Create private key via OPENSSL . - Creation certificate request via OPENSSL https://www.openssl.org/docs/manmaster/man1/openssl.html - Send the certificate request to CSP so they send back the certificate “Public Key” via their certificate authority either on VIM or Mano and most probably on MANO - The I sign it via *openssl CMS* https://www.openssl.org/docs/man1.0.2/man1/cms.html Thanks a lot Best Regards <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Garanti sans virus. www.avast.com <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#16789): https://lists.onap.org/g/onap-discuss/message/16789 Mute This Topic: https://lists.onap.org/mt/31380663/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
