{"id":1159,"date":"2019-11-27T04:32:54","date_gmt":"2019-11-27T12:32:54","guid":{"rendered":"https:\/\/www.ssls.com\/blog\/?p=1159"},"modified":"2023-09-27T15:06:54","modified_gmt":"2023-09-27T22:06:54","slug":"clearing-up-confusion-ssl-vs-code-signing-certificates","status":"publish","type":"post","link":"https:\/\/www.ssls.com\/blog\/clearing-up-confusion-ssl-vs-code-signing-certificates\/","title":{"rendered":"Clearing up the confusion: SSL vs Code Signing&nbsp;Certificates"},"content":{"rendered":"<pre>We\u2019ve had questions from people scratching their heads about the difference between <a href=\"https:\/\/www.ssls.com\/\">SSL Certificates<\/a> and Code Signing Certificates. Because both use public-key encryption, are they interchangeable? The short answer is no. Let\u2019s explore why.\n<\/pre>\n\n\n<!--more-->\n\n\n\n<h2 class=\"wp-block-heading\">Authentication &amp; Encryption with SSL<br><br><\/h2>\n\n\n\n<p>Secure Sockets Layer (SSL) <a href=\"https:\/\/www.ssls.com\/blog\/does-your-website-need-an-ssl-certificate\/\">encryption<\/a> protects users by authenticating servers (websites). There are different types of <a href=\"https:\/\/www.ssls.com\/blog\/does-your-website-need-an-ssl-certificate\/\">SSL Certificates<\/a>, with three main types of authentication:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Domain Validation SSL \u2014 authenticates the server, but the owner of the server and website business is unknown.<\/li><li>Organization Validation SSL \u2014 authenticates the server and the business by checking it\u2019s established in an official public listing like dnb.com or bloomberg.com.<\/li><li>Extended Validation SSL \u2014 authenticates the server, and goes the extra mile in legitimising the business i.e. the Certificate Authority not only checks they\u2019re in an official public listing, but also that they\u2019re officially registered as a legal company with their local government, such as Inc. 
or LLC.<\/li><\/ol>\n\n\n\n<p>While authentication levels may differ, all SSL Certificates offer the same level of encryption. Protecting communication between websites and browsers with Hypertext Transfer Protocol Secure (HTTPS) is their main job. When users enter a website, the SSL <a href=\"https:\/\/www.ssls.com\/blog\/does-your-website-need-an-ssl-certificate\/\">protection<\/a> kicks in. When they type in their email, delivery address, credit card details, etc. on a website, SSL encrypts the information as it travels from point A (browser) to point B (website server). Only the customer and the site admin can unlock the details. Without this encryption, hackers could easily grab these private details in transit. That\u2019s why websites without SSL Certificates are labelled as \u2018Not secure\u2019 by Google in the Chrome browser, and don\u2019t display the closed padlock in browsers.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Authentication &amp; Encryption with Code Signing<\/h2>\n\n\n\n<p>Code Signing Certificates use public-key encryption for a totally different purpose. They protect users against shady software downloads by authenticating the identity of the software developer or publisher, and signing (validating) software to guarantee it hasn\u2019t been tampered with (for example, by having malicious code added). When you try to download a piece of unsigned software, your browser or antivirus protection will kick in and warn you that the software originates from an unknown source. 
You\u2019ll see a popup saying something like: \u2018Do you want to allow this app from an unknown publisher to make changes to your device?\u2019<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><a href=\"https:\/\/www.ssls.com\/blog\/wp-content\/uploads\/2019\/11\/Do-you-want.png\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"175\" src=\"https:\/\/www.ssls.com\/blog\/wp-content\/uploads\/2019\/11\/Do-you-want-300x175.png\" alt=\"\" class=\"wp-image-1160\" srcset=\"https:\/\/www.ssls.com\/blog\/wp-content\/uploads\/2019\/11\/Do-you-want-300x175.png 300w, https:\/\/www.ssls.com\/blog\/wp-content\/uploads\/2019\/11\/Do-you-want.png 460w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/figure><\/div>\n\n\n\n<p>With a Code Signing Certificate in place, your browser will know to trust the download without suspicion because it can verify the trustworthiness of the code. Sectigo also offers an Extended Validation version, which gives developers an added trust boost with Microsoft approval and a private key in the form of an external hardware token for added <a href=\"https:\/\/www.ssls.com\/blog\/does-your-website-need-an-ssl-certificate\/\">security<\/a>. This has nothing to do with Extended Validation SSL Certificates though.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Other Differences<\/h3>\n\n\n\n<p>There are a couple more things that make SSL Certificates and Code Signing Certificates very different beasts:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>When an SSL Certificate expires, your website is no longer protected and will be flagged as \u2018Not secure\u2019 in search results. But if software has a valid Code Signing Certificate that has expired, no error warnings will be shown. That\u2019s why it\u2019s important to get your software from trusted sources.<\/li><li>These two types of Certificates can\u2019t be used interchangeably. 
As we\u2019ve explained, they have totally different purposes and will display error messages if you try.<\/li><\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Wrap Up<\/h3>\n\n\n\n<p>The difference between these two Certificates in a tidy nutshell is that one protects software, the other protects websites: <a href=\"https:\/\/codesigningstore.com\/visual-studio-code-signing-certificate-guide\">Code Signing Certificates add a digital signature<\/a> to software\/code so it doesn\u2019t get flagged with security warnings when people go to install it. They don\u2019t actually encrypt software, just the signature and timestamp as part of what\u2019s called an \u2018authenticated signature block\u2019. SSL Certificates protect websites and display as HTTPS urls. They encrypt ALL communication between user browsers and servers, keeping people protected when they engage with secured websites.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We\u2019ve had questions from people scratching their heads about the difference between SSL Certificates and Code Signing Certificates. Because both use public-key encryption, are they interchangeable? The short answer is no. 
Let\u2019s explore why.<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1159","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/1159","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/comments?post=1159"}],"version-history":[{"count":7,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/1159\/revisions"}],"predecessor-version":[{"id":2727,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/1159\/revisions\/2727"}],"wp:attachment":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/media?parent=1159"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/categories?post=1159"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/tags?post=1159"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}