What is SSL Pinning? — A Quick Walk Through

Security Protocols and Man-In-The-Middle Attack

What is SSL Pinning?


Advantages of SSL Pinning

  • Enhanced user privacy and in-app data security
  • Cost reduction
  • Reduces threat of compromised certificates
  • Reduces exposure to malware on the user's device and to eavesdropping
  • Detects and reports man-in-the-middle attacks

Limitations of SSL Pinning

  • Less flexibility to change certificates — Once an app pins a certificate, changing that certificate becomes cumbersome. You must update the Android app and resubmit it to Google Play so that your users install the new version.
  • Further, once an app pins an SSL certificate, it is hard to introduce additional security solutions that work as a reverse proxy, because such a proxy terminates the SSL connection.

Two Approaches to Pin SSL Certificate

  • You can pin the SSL certificate directly by embedding the certificate in your application. However, you must have a transition plan in place before the certificate expires; otherwise older versions of the application will fail with errors.
  • The second method is to pin the certificate’s public key. With this method, you do not need to worry about the expiry of the certificate.
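As an added example that is not part of the original article, the following Go program shows the practical difference between the two approaches: it issues a certificate for a constructed hostname, re-issues it once with the same key and once with a new key, and checks which pin still matches. The certificate pin changes on every re-issue, while the public-key (SPKI) pin survives renewal only as long as the server keeps its key pair. The hostname, helper names and 90-day validity are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// must panics on error: acceptable here because every input is constructed.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// pin renders der the way pin sets (HPKP, OkHttp, Android NSC) expect it.
func pin(der []byte) string {
	sum := sha256.Sum256(der)
	return "sha256/" + base64.StdEncoding.EncodeToString(sum[:])
}

// issue stands in for the CA: a 90-day self-signed certificate for key (assumed hostname).
func issue(key *ecdsa.PrivateKey, serial int64) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), DNSNames: []string{"api.example.test"}, // constructed
		NotBefore: time.Now(), NotAfter: time.Now().Add(90 * 24 * time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der))
}

// renewalScenario re-issues the cert and reports which pin taken from the old one still matches.
func renewalScenario(rotateKey bool) (certPinMatch, spkiPinMatch bool) {
	oldKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	newKey := oldKey
	if rotateKey { // renewal with a fresh key pair
		newKey = must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	}
	old, renewed := issue(oldKey, 1), issue(newKey, 2)
	return pin(old.Raw) == pin(renewed.Raw), pin(old.RawSubjectPublicKeyInfo) == pin(renewed.RawSubjectPublicKeyInfo)
}

func main() {
	fmt.Println(renewalScenario(false)) // same key kept: false true
	fmt.Println(renewalScenario(true))  // key rotated:   false false
}
```

The second run is the caveat behind the public-key approach: if the key pair is rotated at renewal, the SPKI pin breaks exactly like a certificate pin, so a backup pin for the next key should ship in the app before the rotation.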

Types of SSL Certificate Pinning

  • Leaf Certificate — Pinning to the leaf certificate guarantees that your certificate and its chain are 100 % valid. However, leaf certificates have the shortest validity period.
  • Intermediate Certificate — Pinning the intermediate certificate means that you are trusting your CA. If you intend to keep the same CA, this is the most commonly recommended type of SSL pinning.
  • Root Certificate — The root certificate is self-signed, and it is used to sign other certificates. You need strong certificate validation to ensure that your CA is not compromised.

Conclusion

Indusface