What is certificate pinning?
D5 · Crypto · CompTIA Security+ SY0-701

Certificate pinning (also called SSL pinning) is the practice of hardcoding a known-good certificate or public key into an application. When the app connects to a server, it checks that the server's certificate matches the pinned value, rejecting any other certificate, even a validly signed one.
Prevents: MITM attacks where an attacker presents a certificate signed by a rogue or compromised CA.
Types: pin the certificate (exact match), pin the public key (more flexible; survives cert renewal).
Certificate pinning is used in mobile apps to prevent MITM even if the device has a rogue CA installed. The downside: if the pinned cert expires or changes, the app breaks. Used by high-security apps like banking apps.