Questions tagged [certificate-pinning]

94 questions
13 votes, 1 answer

SSL Pinning using Google Volley

I am starting my question by mentioning what I have tried so far: I do not have a certificate in my app, I am using a SHA256 key only. Most of the answers on the internet require a physical certificate in the app to load it in a keystore; I don't have that. I am…
12 votes, 1 answer

Certificate Pinning - Generate SHA256 Pinning Key from Certificate .crt file

I have a running Android application that implements Certificate Pinning with a SHA256 Pin. I use the https://www.ssllabs.com/ssltest tool to obtain that pin. The current server certificate is about to expire, and a new certificate will be applied…
MohanadMohie
9 votes, 1 answer

Retrofit with OKHTTP3 certification pinning

I am using Retrofit 1.9 with OKHTTP3 client and I am trying to add certification pinning. Below is the relevant code: String hostname = "xxxxxx.xx"; CertificatePinner certificatePinner = new CertificatePinner.Builder() .add(hostname,…
Leśniakiewicz
8 votes, 2 answers

What is the difference between SSL pinning (embedded in host) and normal certificates (presented by server)

I'm not quite understanding the necessity of certificate pinning in SSL connection establishment (to avoid Man in the Middle attacks). SSL cert pinning requires embedding original server certificate in the host to verify with the one presented by…
nari447
7 votes, 2 answers

SSL Certificate Pinning not working anymore on Android 9

I'm using the following certificate pinning code which has worked for a while (error handling edited out for brevity's sake): private static SSLContext _ssl_context = null; public static SSLSocketFactory get_ssl_socket_factory(Context context) { …
executifs
7 votes, 1 answer

Alamofire ServerTrustPolicy Certificate Pinning Not Blocking Charles Proxy Swift 3

I've searched far and wide and have not been able to find an answer for my question. To make our app more secure, we've been told to use "certificate pinning". We already make use of the Alamofire library for all our API calls, so it seems natural…
Pierce
6 votes, 1 answer

SSL Pinning Issue with Ionic + Capacitor

As mentioned in the official docs [1], I have been trying to implement SSL Pinning in an Ionic + Angular + Capacitor Project using the Cordova Advanced HTTP plugin [2]. However, each time I open the iOS app with Xcode, it logs an error [3] saying…
6 votes, 1 answer

How to update pinned ssl certificates android

I am implementing SSL pinning in our android app. I have pinned 2 certificates (current and backup) at the client by embedding them in the app. Now, I want to have a mechanism in place to update these certificates without requiring to roll out an…
ctor
5 votes, 3 answers

iOS TLS/SSL Pinning using NSRequiresCertificateTransparency key in Info.plist

I want to secure my app against man-in-the-middle (mitm) attacks using SSL Pinning. By default it is possible to use a proxy like Charles or mitmproxy to intercept traffic, and decrypt it using a self-signed certificate. After extensive research, I…
de.
4 votes, 1 answer

Is it possible to restrict DownloadManager.Request to a specific server certificate?

As part of my effort to improve my application's security, I wanted to protect my client from "Man in the Middle" attacks. I've got a common use-case in which my app downloads large files (10-50 mega) from the CDN server. To do that - I'm using the…
4 votes, 2 answers

Android SSL certificate pinning with retrofit

I want to do certificate pinning in an Android app. I am totally frustrated trying to understand this. Please help me. What I have: a .cert type certificate file and a .key type key file in which the private key is stored. I don't have the domain name where this certificate…
4 votes, 1 answer

Certificate Pinning in Android Webview

I am creating a small demo app to implement ssl certificate pinning in android webview. I have generated the certificates of the host. Can anyone suggest me how to pin the certificates in the application code. I have searched many links but I am…
AAaa
3 votes, 2 answers

How and where domain name is detected and resolved after SSL Pinning

I have tried to search this piece of information but have not found any clue so far, but I believe someone here can rectify me or answer my question with proper logic. When we implement SSL Pinning in our Mobile Application (android/ios), the data…
Nah
3 votes, 1 answer

Mitm proxy with certificate pinned application

I am trying to simulate a MITM attack over Signal's Android messaging application. It's open source, so I put the mitmproxy-ca-cert.pem in the Android application for pinning and in the mobile trusted certificates too. I am still not getting any query to…
tarun14110
3 votes, 1 answer

Android How to renewal ssl certificate without app updating in play store

I have used two types of Authorized certificates(commercial ca) used in my Android Studio mobile application inside raw folder. first: .crt (for request encryption ) second: .bks ( request to server with SSL Pinning ) my .crt file expiry is 2 year…
harikrishnan