SSL certificate same as signing certificate?


A code signing certificate is essentially the same as an SSL certificate. Both are used to sign some data to prove that the data (software package or web page content) comes from the "subject" of the certificate. There are 2 major differences that I can think of:

  1. They have different "enhanced key usage" OIDs in the certificate. A code signing certificate can only be used to sign a piece of code. Nothing prevents you from signing with the wrong certificate, but the client (e.g. a web browser) will check all "enhanced key usages" listed in the certificate and reject the signature if the certificate does not contain the appropriate OID (e.g. "code signing"). This means it's possible for one certificate to have both "code signing" and "server authentication" OIDs so that it can be used for both scenarios. But for security reasons nobody should do that.

  2. An SSL certificate becomes invalid once it expires. But a code signing certificate gets some special treatment. For example, if you bought some software 10 years ago, the code signing certificate used to sign it has probably expired by today. But combined with a time stamping service, it's possible to prove the software package was properly signed 10 years ago.
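Both differences the answer lists can be checked directly against a certificate. The following is an added example, not code from the question or any of the answers: it builds three self-signed test certificates with the `cryptography` library (one with only the "code signing" EKU, one with only "server authentication", one with both), checks whether a given usage is permitted, and shows how a verifier's answer to "was this signature valid?" changes depending on whether it evaluates the certificate's validity period at the current time or at a trusted time stamp. The certificate names, dates, and helper function names are constructed for illustration.

```python
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID

# Re-exported so callers do not need to import the OID class themselves.
CODE_SIGNING = ExtendedKeyUsageOID.CODE_SIGNING        # 1.3.6.1.5.5.7.3.3
SERVER_AUTH = ExtendedKeyUsageOID.SERVER_AUTH          # 1.3.6.1.5.5.7.3.1

UTC = datetime.timezone.utc


def make_self_signed(common_name, ekus, not_before, not_after):
    """Build a self-signed test certificate carrying the given EKU list.

    Constructed purely for illustration; a real certificate would be issued
    by a CA and would carry many more extensions.
    """
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    return (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(not_before)
        .not_valid_after(not_after)
        .add_extension(x509.ExtendedKeyUsage(ekus), critical=False)
        .sign(key, hashes.SHA256())
    )


def allows_usage(cert, required_oid):
    """Difference 1: is the requested usage listed in the certificate's EKU?

    A certificate with no EKU extension is treated as not permitting the
    usage, which is the strict reading a relying party should take.
    """
    try:
        eku = cert.extensions.get_extension_for_class(x509.ExtendedKeyUsage).value
    except x509.ExtensionNotFound:
        return False
    return required_oid in eku


def _validity_window(cert):
    # Newer cryptography releases expose timezone-aware *_utc properties;
    # older ones only have naive UTC datetimes, so normalise both.
    not_before = getattr(cert, "not_valid_before_utc", None)
    if not_before is None:
        not_before = cert.not_valid_before.replace(tzinfo=UTC)
        not_after = cert.not_valid_after.replace(tzinfo=UTC)
    else:
        not_after = cert.not_valid_after_utc
    return not_before, not_after


def signature_still_acceptable(cert, now, trusted_timestamp=None):
    """Difference 2: decide whether a signature made with `cert` is acceptable.

    Without a time stamp the verifier can only evaluate the certificate's
    validity window at `now`, so an expired certificate fails. With a trusted
    time stamp (as produced by a time stamping service) the verifier checks
    the window at the moment the signature was made instead.
    """
    not_before, not_after = _validity_window(cert)
    reference = trusted_timestamp if trusted_timestamp is not None else now
    return not_before <= reference <= not_after


# --- constructed sample certificates ---------------------------------------
# A code signing certificate from an earlier decade (dates are made up).
OLD_CODE_SIGNING_CERT = make_self_signed(
    "Example Software Vendor (constructed)",
    [CODE_SIGNING],
    datetime.datetime(2012, 1, 1, tzinfo=UTC),
    datetime.datetime(2015, 1, 1, tzinfo=UTC),
)
# A server certificate only good for TLS.
TLS_ONLY_CERT = make_self_signed(
    "www.example.test (constructed)",
    [SERVER_AUTH],
    datetime.datetime(2022, 1, 1, tzinfo=UTC),
    datetime.datetime(2023, 1, 1, tzinfo=UTC),
)
# The dual-purpose certificate the answer warns against.
DUAL_USE_CERT = make_self_signed(
    "Dual-purpose (constructed)",
    [CODE_SIGNING, SERVER_AUTH],
    datetime.datetime(2022, 1, 1, tzinfo=UTC),
    datetime.datetime(2023, 1, 1, tzinfo=UTC),
)

SIGNING_TIME = datetime.datetime(2013, 6, 1, tzinfo=UTC)   # when the package was signed
VERIFY_TIME = datetime.datetime(2023, 6, 1, tzinfo=UTC)    # when the user installs it


if __name__ == "__main__":
    print("TLS cert may sign code:", allows_usage(TLS_ONLY_CERT, CODE_SIGNING))
    print("Dual cert may sign code:", allows_usage(DUAL_USE_CERT, CODE_SIGNING))
    print("Old signature, no timestamp:",
          signature_still_acceptable(OLD_CODE_SIGNING_CERT, VERIFY_TIME))
    print("Old signature, with timestamp:",
          signature_still_acceptable(OLD_CODE_SIGNING_CERT, VERIFY_TIME, SIGNING_TIME))
```

The EKU check is the gate a browser or OS loader applies before it even looks at the signature bytes: a TLS-only certificate is rejected for code signing no matter how valid the signature is. The time stamp check models why code signing gets "special treatment": the verifier trusts a third party's assertion of when the signature was made and evaluates expiry at that instant, something an SSL handshake, which always happens "now", has no use for.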

Author: CJ7

Updated on June 05, 2022

Comments

  • CJ7 (almost 2 years ago)

    Is a code signing certificate the same as an SSL certificate?

  • jcoffland (over 11 years ago)

    Sorry, you are completely wrong here. An SSL cert always has a private key behind it. When it is used on a Web server the private key is on the server and used by the Web server software (apache, IIS, etc.) to encrypt the connection.