Cloud Build Tools

The home of everything Automation and Orchestration

in Documentation

Build Tools – Orchestrator Package Signing Certificate Creation

by Simon Sparks · 18 January 2026

https://github.com/vmware/build-tools-for-vmware-aria

Firstly you need to download OpenSSL for Windows from the following URL and add it to your windows path environment variable https://slproweb.com/products/Win32OpenSSL.html

You should add the resultant certificate and private key to a zip file named “archetype.keystore-1.0.0”

Filename: cbt-signing-certificate.cfg

[ req]
default_bits=2048
default_keyfile=private_key.pem
distinguished_name=req_distinguished_name
encrypt_key=no
prompt=no
string_mask=nombstr
req_extensions=v3_req

[ v3_req]
basicConstraints=CA:FALSE
keyUsage=digitalSignature,keyEncipherment,dataEncipherment,nonRepudiation
extendedKeyUsage=serverAuth,clientAuth
subjectAltName=@alternate_names

[ req_distinguished_name]
countryName=GB
stateOrProvinceName=County
localityName=TownOrCity
0.organizationName=CloudBuildTools
organizationalUnitName=DeploymentAutomation
commonName=cloudbuildtools.com
emailAddress=support@cloudbuildtools.com

[ alternate_names]
DNS.1=cloudbuildtools.com

Signed Certificate

opensslgenrsa-passoutpass:CloudBuildTools!\
-outcbt-signing-private-key.pem2048

opensslreq-new\
-configcbt-signing-certificate.cfg
-informPEM\
-keycbt-private-key.pem\
-outformPEM\
-outcbt-signing-certificate.csr

opensslpkcs12-export\
-name"_dunesrsaalias_"\
-outcbt-signing-certificate.pfx\
-inkeycbt-signing-private-key.pem\
-incbt-signing-certificate.crt

opensslpkcs12-incbt-signing-certificate.pfx\
-nocerts\
-outcbt-signing-private-key.pem

opensslpkcs12-incbt-signing-certificate.pfx\
-nokeys
-clcerts
-outcbt-signing-certificate.pem

Self-Signed Certificate

opensslgenrsa-passoutpass:CloudBuildTools!\
-outcbt-signing-private-key.pem2048

opensslreq-new\
--x509\
-sha256\
-days3650\
-keycbt-signing-private-key.pem\
-outcbt-signing-certificate.crt\
-configcbt-signing-certificate.cfg

opensslpkcs12-export\
-name"_dunesrsaalias_"\
-outcbt-signing-certificate.pfx\
-inkeycbt-signing-private-key.pem\
-incbt-signing-certificate.crt

opensslpkcs12-incbt-signing-certificate.pfx\
-nocerts\
-outcbt-signing-private-key.pem

opensslpkcs12-incbt-signing-certificate.pfx\
-nokeys\
-clcerts\
-outcbt-signing-certificate.crt

Discover more from Cloud Build Tools

Subscribe to get the latest posts sent to your email.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may also like

Browse

Search

Categories