3

I am trying to decide if it's a good idea to do SSL pinning in my iOS game that uses a server to deliver content. It seems like it's important, but the one thing that is really bothering me is the thought of the day that the certificate expires. Since the certificate has to be included in the app bundle, this means there will be a point where users will be forced to upgrade. Depending on what Apple is doing at that time, that might mean they can't upgrade due to device/OS constrictions. So, I am really nervous about putting this in.

Has anyone had any experience with SSL pinning and expired certificates, making this a seamless, no-down-time thing for your users?

rmaddy
patrick

1 Answer

0

You could get a certificate with a longer expiry, either by buying one or generating a self-signed certificate (which has its pitfalls).

You could also pin against the public key rather than the certificate as a whole.

If it comes to the point where you can't maintain backwards compatibility and older devices can't upgrade, it's just hard luck.

chedabob
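The difference between pinning the whole certificate and pinning only its public key, as an added example that is not part of the question or the answer above. It assumes the `openssl` command-line tool is installed; `example.test` and the file names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every name here (example.test, the file names) is made up.

new_key() {      # new_key OUT: fresh P-256 private key
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1" 2>/dev/null
}

issue_cert() {   # issue_cert KEY OUT DAYS: self-signed certificate for KEY
    openssl req -new -x509 -key "$1" -subj "/CN=example.test" \
        -days "$3" -out "$2" 2>/dev/null
}

cert_pin() {     # base64 SHA-256 of the whole DER certificate
    openssl x509 -in "$1" -outform DER | openssl dgst -sha256 -binary | openssl base64
}

spki_pin() {     # base64 SHA-256 of the DER SubjectPublicKeyInfo only
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -binary | openssl base64
}

same() { [ "$1" = "$2" ] && echo "unchanged" || echo "CHANGED"; }

demo() {
    dir=$(mktemp -d) || return 1
    new_key "$dir/key.pem"
    issue_cert "$dir/key.pem" "$dir/old.pem" 30        # certificate shipped in the app
    issue_cert "$dir/key.pem" "$dir/renewed.pem" 365   # renewal, same key pair
    new_key "$dir/key2.pem"
    issue_cert "$dir/key2.pem" "$dir/rekeyed.pem" 365  # renewal with a new key pair

    echo "renewed, same key:"
    echo "  certificate pin: $(same "$(cert_pin "$dir/old.pem")" "$(cert_pin "$dir/renewed.pem")")"
    echo "  public key pin:  $(same "$(spki_pin "$dir/old.pem")" "$(spki_pin "$dir/renewed.pem")")"
    echo "renewed, new key:"
    echo "  public key pin:  $(same "$(spki_pin "$dir/old.pem")" "$(spki_pin "$dir/rekeyed.pem")")"
    rm -rf "$dir"
}

demo
```

A public key pin survives only renewals that reuse the key pair, so a pin for a second key that is generated in advance and kept offline is usually shipped alongside it.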