What is SSL Pinning? — A Quick Walk Through

Security Protocols and Man-In-The-Middle Attack

What is SSL Pinning?

[Image: SSL pinning]

Advantages of SSL Pinning

  • Stronger privacy and confidentiality for the data the app exchanges with its backend
  • Lower incident cost: a mis-issued or stolen certificate for your domain cannot be turned against the app, so there are fewer certificate incidents to respond to
  • Reduces the threat of compromised certificates: a certificate that chains to any other CA, even one the device trusts, is rejected
  • Reduces exposure to eavesdropping by on-device malware or interception proxies that install their own root CA on the device
  • Detects man-in-the-middle attempts: a pin failure is an unambiguous signal that the app can block and report

Limitations of SSL Pinning

  • Less flexibility to change certificates. Once an app pins a certificate, changing that certificate (or the key it pins) is cumbersome: you must ship an updated Android app through Google Play and wait for users to install it, and every user still on the old version is locked out of the backend.
  • Pinning also makes it hard to add security products that work as a reverse proxy, such as a WAF or CDN. These terminate TLS and present their own certificate to the app, which the pin rejects unless the proxy's certificate or key is pinned as well.

Two Approaches to Pin SSL Certificate

  • Pin the certificate itself by embedding it (or its hash) in the app. Because a new certificate is issued at every renewal, you need a transition plan before the current one expires: ship an app update carrying the next certificate's pin before the server switches over, or older versions of the app will fail with TLS errors.
  • Pin the certificate's public key (a hash of the SubjectPublicKeyInfo). Expiry of the certificate no longer matters as long as you renew with the same key pair. Rotating the key still breaks the pin, so include a backup pin for a spare key kept offline.

Types of SSL Certificate Pinning

  • Leaf Certificate: pinning the leaf gives the tightest binding, since only your own certificate (or key) is accepted. The trade-off is that leaf certificates have the shortest lifetime, so the pin must be updated on every renewal.
  • Intermediate Certificate: pinning the intermediate means trusting the CA that signs your certificates, so renewals and re-issues from that CA keep working without an app update. If you intend to stay with your CA, this is the most commonly recommended option.
  • Root Certificate: a root is self-signed and is used to sign the intermediates beneath it. Pinning the root accepts anything that CA ever issues, so you are relying on the CA's issuance practices, and on strict hostname validation in the app, rather than on the pin to catch a mis-issued certificate.
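The following is an added example, not code from the original article. It demonstrates the two pinning approaches above (hash of the certificate versus hash of the public key) and the effect of pinning at the leaf versus the intermediate, using a hypothetical chain for `api.example.com` that is constructed in-line with a small DER encoder; the certificates carry a placeholder signature and exist only to show pin behaviour. The pin format, `sha256/` followed by the base64 SHA-256 of the DER SubjectPublicKeyInfo, is the one used by OkHttp's CertificatePinner and by Android's network security config `<pin digest="SHA-256">`; the names `demo`, `build_cert` and the constructed keys are this example's own.

```python
"""Added example (not from the article): certificate pins vs. public-key (SPKI) pins,
and chain matching against a pin set. Standard library only; the certificates are
constructed in-line with a tiny DER encoder and carry a placeholder signature."""
import base64
import hashlib

# ---- minimal DER encode/decode ----------------------------------------------
def der_len(n: int) -> bytes:
    """DER length: short form below 128, else 0x80|N followed by N length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_len(len(content)) + content
def seq(*parts: bytes) -> bytes:
    return tlv(0x30, b"".join(parts))

def parse_tlv(buf: bytes, pos: int = 0):
    """Return (tag, content, end_offset) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        n = first & 0x7F
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
    return tag, buf[pos + hdr:pos + hdr + length], pos + hdr + length

def children(content: bytes) -> list:
    """Split a SEQUENCE body into its element TLVs (headers included)."""
    out, pos = [], 0
    while pos < len(content):
        _, _, end = parse_tlv(content, pos)
        out.append(content[pos:end])
        pos = end
    return out

# ---- pinning ----------------------------------------------------------------
def extract_spki(cert_der: bytes) -> bytes:
    """Certificate -> tbsCertificate -> subjectPublicKeyInfo (whole TLV). tbs fields:
    [0] version (optional), serialNumber, signature, issuer, validity, subject, SPKI."""
    _, cert_body, _ = parse_tlv(cert_der)
    _, tbs_body, _ = parse_tlv(children(cert_body)[0])
    fields = children(tbs_body)
    if fields[0][0] == 0xA0:                 # skip EXPLICIT [0] version if present
        fields = fields[1:]
    return fields[5]

def _pin(data: bytes) -> str:
    return "sha256/" + base64.b64encode(hashlib.sha256(data).digest()).decode()

def cert_pin(cert_der: bytes) -> str:        # approach 1: pin the whole certificate
    return _pin(cert_der)
def spki_pin(cert_der: bytes) -> str:        # approach 2: pin the public key
    return _pin(extract_spki(cert_der))      # same format as OkHttp / Android <pin>

def chain_matches(chain: list, pins: set) -> bool:
    """Match if ANY chain cert (leaf, intermediate, root) is pinned, as Android/OkHttp do."""
    return any(spki_pin(c) in pins for c in chain)

# ---- constructed certificates (NOT real; placeholder signature) --------------
OID_SHA256_RSA = bytes.fromhex("06092a864886f70d01010b")  # sha256WithRSAEncryption
OID_RSA = bytes.fromhex("06092a864886f70d010101")         # rsaEncryption
OID_CN = bytes.fromhex("0603550403")                      # id-at-commonName
NULL = b"\x05\x00"

def name(cn: str) -> bytes:
    return seq(tlv(0x31, seq(OID_CN, tlv(0x0C, cn.encode()))))

def rsa_spki(modulus: bytes) -> bytes:
    def integer(b: bytes) -> bytes:          # DER INTEGER is signed: pad if high bit set
        return tlv(0x02, (b"\x00" if b[0] & 0x80 else b"") + b)
    key = seq(integer(modulus), integer((65537).to_bytes(3, "big")))
    return seq(seq(OID_RSA, NULL), tlv(0x03, b"\x00" + key))

def build_cert(serial: int, not_before: str, not_after: str,
               issuer: str, subject: str, spki: bytes) -> bytes:
    tbs = seq(tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, bytes([serial])),
              seq(OID_SHA256_RSA, NULL), name(issuer),
              seq(tlv(0x17, not_before.encode()), tlv(0x17, not_after.encode())),
              name(subject), spki)
    return seq(tbs, seq(OID_SHA256_RSA, NULL), tlv(0x03, b"\x00" * 33))

def demo() -> dict:
    mod = lambda label: hashlib.sha256(label.encode()).digest() * 8   # 2048-bit stand-in
    key_a, key_b, key_ca = rsa_spki(mod("leaf A")), rsa_spki(mod("leaf B")), rsa_spki(mod("ca"))
    ca = "Example Intermediate CA"
    inter = build_cert(1, "220101000000Z", "320101000000Z", "Example Root CA", ca, key_ca)
    v1 = build_cert(2, "230101000000Z", "240101000000Z", ca, "api.example.com", key_a)
    v2 = build_cert(3, "240101000000Z", "250101000000Z", ca, "api.example.com", key_a)  # renewed, same key
    v3 = build_cert(4, "250101000000Z", "260101000000Z", ca, "api.example.com", key_b)  # key rotated
    return {
        "parser_returns_exact_spki": extract_spki(v1) == key_a,
        "cert_pin_survives_renewal": cert_pin(v1) == cert_pin(v2),
        "spki_pin_survives_renewal": spki_pin(v1) == spki_pin(v2),
        "leaf_pin_after_key_rotation": chain_matches([v3, inter], {spki_pin(v1)}),
        "leaf_pin_plus_backup_after_rotation": chain_matches([v3, inter], {spki_pin(v1), spki_pin(v3)}),
        "intermediate_pin_after_rotation": chain_matches([v3, inter], {spki_pin(inter)}),
    }
```

Calling `demo()` runs the comparison: the certificate pin changes when the leaf is renewed while the public-key pin does not; after a key rotation the old leaf pin fails unless a backup pin for the new key was shipped in advance, whereas a pin on the intermediate keeps working because a pin set is matched against every certificate in the chain. Against a real server you would feed `spki_pin` the DER bytes from `ssl.SSLSocket.getpeercert(binary_form=True)` instead of the constructed certificates.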

Conclusion


With cyber-security products built in the cloud and the most advanced intelligence platform, our variety of solutions will help you prevent today’s risk

Indusface
