2

I'm considering buying an SSL cert from my web host provider (smarterasp.net)

They list the cert as :

SSL-S Comodo SSL Certificate - Single Domain or Subdomain

Do you know if I can use that same cert to sign my .NET app so it will no longer be flagged as dangerous when it is installed on Windows?

I see they also list other certs for purchase which look like:

  1. SSL-E Comodo SSL Certificate - Extended Validation(EV SSL, Green Bar)

  2. SSL-W Comodo SSL Certificate - Multiple Subdomains(*.yourdomain.com)

Would any of these work for dual purposes? Or, are those two things (web securing and app signing) just completely different things to be purchased separately?

raddevus
  • 123
  • 5
  • No. Because signing a apps is mean to provide info to show that the file is not tampered by third party when it is signed. So the signature is unique to that file. – mootmoot Oct 04 '17 at 15:26
  • @mootmoot - thats not how it works. You still need a certificate to create the signature with. What OP is asking is can they use an SSL certificate for that. I believe but don't know that the answer is no. – Hector Oct 04 '17 at 16:25
  • @Hector `if I can use that same cert to sign my .NET app`. Specific OS application code signing usually control by a the OS standard and may not be compatible with SSL certificate standard. – mootmoot Oct 04 '17 at 16:35
  • @mootmoot A signature is unique to a file, but when you have a private key, you can make as many signatures as you like. You can't use the same certificate, but the reason is not the format of signed files, it's the format of certificates (or, more precisely, rules for generating and verifying certificates). – Gilles 'SO- stop being evil' Oct 04 '17 at 16:48
  • @Gilles I see you already answer the question in full. ;-) IMO, from the question, I take it as the OP want to use the "cert" (not the key pair) to sign the file, something like one stone 2 birds so OP don't need to get another cert for file ;-) – mootmoot Oct 04 '17 at 16:55
  • Thanks to everyone for the helpful comments. My question was also in an attempt to save money. I was dreaming that it might be possible to buy a cheap SSL cert to secure my site which I could also use to sign my app. I should've known that would not work because signing the app requires a CA to verify that it is indeed safe and I'm sure that is what you are really paying for : the registration and continued verification. – raddevus Oct 04 '17 at 19:54
  • @raddevus - I believe there are a couple of providers that will issue a free certificate for open source usage. No idea if that would help you or not (i.e. whether the code is currently or could be moved to be open source). – Hector Oct 05 '17 at 07:05
  • Honestly, CA don't care what you do with your file. Even Antivirus rarely care about your file certificate unless your apps earn prominent reputation. File signature is mean to tell other that the file has not been tampered with. – mootmoot Oct 05 '17 at 11:04
  • @Hector My code is open sourced and available on GitHub so I will look into the free signing cert idea. Thanks for the tip. – raddevus Oct 05 '17 at 12:20
  • 1
    @mootmoot - The CA may not care but Windows isn't going to verify an app as signed if the certificate used isn't valid for code signature. Also most CAs would object / revoke your certificate if you were abusing it in a way that they became aware of. A CA's entire business is based on reputation and trust. – Hector Oct 05 '17 at 12:57

1 Answers1

4

No.

The long version follows. I simplified a few things, so don't take every single statement as gospel, but the basic principles are correct.

You can't use the same certificate. You may be technically able to use the same private key, but it won't make your life easier and it would be bad for security.

From a technical point of view, the operations involved in securing a TLS connection and in signing some code for distribution are the same. Your server stores a private key, which nobody else knows. The server uses this private key to sign a {TLS connection handshake message}/{zip file containing your code}. Anybody who receives the signed data can verify that it was signed by someone who knows the private key corresponding to a certain public key K.

They know that the holder of the private key corresponding to K has signed something, but this is not useful unless they also know that you are the holder of this key. A certificate authority issues you a certificate, which says: ”I, undersigned, certificate authority, guarantee that raddevus.com is the holder of the private key corresponding to K“. Only, they say it in math and X.509 rather than in legalese. All this business of saying (in cryptographic language) who someone else is is called a public key infrastructure (PKI).

In addition to establishing a link between "raddevus.com" and K, the certificate states a number of restrictions on its usage. A certificate without restrictions could be dangerous. For example, this certificate doesn't allow you to, in turn, say, “I, undersigned, guarantee that google.com is the holder of the private key corresponding to K”. Well, you can say it, but browsers won't believe you, because your certificate doesn't allow you to make such claims. In technical terms, your certificate doesn't allow you to be a certificate authority. Your browser trusts the certificate authority when it claims that you are raddevus.com because its own certificate says that it's allowed to make such claims, and the reason it can get such a certificate is that it's satisfied the the certificate authority authorities. And your browser has a built-in list of certificate authority authorities that it's willing to accept.

You can look at what's inside a certificate to get a feeling. Modern browsers have an interface for this. In Chrome, open the developer tools and go to the “Security” tab. In Firefox, click on the padlock icon in your browser and follow the directions, e.g. click the padlock then “> (Follow connection details)” then “More Information” in Firefox. Navigate to the certificate details. Let's take https://www.smarterasp.net/ as an example; some highlights are:

  • The “Subject” field lists *.smarterasp.net. This is the website(s) that the certificate is valid for. If the website responded to requests for https://notsmartasp.example.com/ using this certificate, a browser would close the connection because the certificate is not valid for that host name.
  • The “Certificate Subject Alt Name” field also lists *.smarterasp.net, and smarterasp.net. This is the modern way of defining names, not supported by antique browsers.
  • The “Certificate Basic Constraints” field states “not a certificate authority”. It also says “Critical”, that only means that an application that doesn't understand what a “Certificate Key Usage” is should treat the certificate as invalid; “Not Critical” would tell such an application to ignore the field.
  • The “Certificate Key Usage” states “Signing” and “Key Encipherment”. If the server tried to use the key for something else, applications that use the certificate to verify something should reject it.
  • The “Extended Key Usage” states “TLS Web Server Authentication” and “TLS Web Client Authentication”. (These are the English translations of the ASN.1 OID 1.3.6.1.5.5.7.3.1.) This is more precise than “Signing” from the other key usage field.
  • Up above, the “Certificate Hierarchy” shows the chain from the trusted-by-your-browser certificate authority authority, down to the CA and the website.

If you want to sign some code, you need a certificate whose extended key usage includes the OID 1.3.6.1.5.5.7.3.3, which in English is known as “Code Signing”. To do this, follow the steps described in Microsoft's documentation. If you want to know more about how these tools work (I guess you do, or you wouldn't be reading this), read the old instructions. Note that the documentation mentions the requisite extended key usage (they call it “enhanced key usage”, but it's the same thing). The documentation also mentions a few other constraints on the certificate.

If you want to go further and establish the link between that certificate and raddevus.com, you need to get it signed in the Microsoft application distribution PKI, rather than in the TLS PKI. I'm not familiar with this PKI, I don't know how you get into it. I think it involves going through an application store.

While you may in theory use the same private key and generate different certificates from it, one for the web and one for code signing, it would be more work converting between formats than generating two keys. And using the same key would be a bad idea for security. Your web server's private key has to be on the web server because it is needed on each connection (to authenticate the website to the browser). On the other hand, your application signing key only needs to be used when you deploy a new release version of your application. If your server gets breached, you need to revoke its key, get a new one, and people attempting to visit your website and being attacked by a man-in-the-middle (who redirects connections that should go to your site, to their own site) will suffer. If your code signing key is compromised, then until people receive the revocation information, they will be at risk whenever they receive an application package signed with your key; that attack (distributing a dodgy executable) is rather easier to arrange than a man-in-the-middle. So you really should protect your code signing key better than your website authentication key.

Note that you can get a website .

Gilles 'SO- stop being evil'
  • 51,415
  • 13
  • 121
  • 180