SSL Pinning Generator
Create SSL pinning configurations for Android and iOS
Pinning Strategy Guide
Leaf Certificate
High security, but changes frequently (e.g. every 90 days). Requires app updates before every expiration.
Intermediate Certificate (Intermediate CA)
Recommended. Changes rarely (years). Good balance between security and maintenance.
Root CA
Maximum stability (10-20 years). Trusts every certificate issued under this root. Lowest maintenance effort.
Backup Pin Guide
To avoid app outages if your keys are compromised or lost, you MUST include a backup pin. Generate a spare key pair offline and store it securely.
1. Generate a backup key pair:
openssl genrsa -out backup_key.pem 2048
2. Extract the SPKI pin:
openssl rsa -in backup_key.pem -pubout -outform der | openssl dgst -sha256 -binary | openssl enc -base64
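The two openssl steps above, wrapped into a script as an added example (not the generator tool's own code): spki_pin derives the same SPKI pin from a private key, a public key or an X.509 certificate, and android_pin_config renders an Android network-security-config pin-set with a primary and a backup pin. The host name, file names and expiry date are assumptions.

```shell
#!/bin/sh
# Added example, not part of the SSL Pinning Generator. Requires openssl.

# Print the base64 SHA-256 of the DER-encoded SubjectPublicKeyInfo, i.e. the
# value an Android <pin> element or an iOS TrustKit public key hash expects.
# Accepts a PEM private key, PEM public key or PEM certificate.
spki_pin() {
  file="$1"
  if grep -q 'BEGIN CERTIFICATE' "$file"; then
    pub=$(openssl x509 -in "$file" -pubkey -noout)   # certificate -> public key
  elif grep -q 'PRIVATE KEY' "$file"; then
    pub=$(openssl pkey -in "$file" -pubout)          # private key -> public key
  else
    pub=$(cat "$file")                                # already a public key
  fi
  printf '%s\n' "$pub" | openssl pkey -pubin -outform der \
    | openssl dgst -sha256 -binary | openssl enc -base64
}

# Render an Android network_security_config.xml for one host.
# Args: host, pin-set expiration (YYYY-MM-DD), primary pin, backup pin.
# The expiration date makes the pin-set fall back to normal chain validation
# once it passes, which limits the damage of a forgotten rotation.
android_pin_config() {
  cat <<EOF
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
  <domain-config>
    <domain includeSubdomains="true">$1</domain>
    <pin-set expiration="$2">
      <pin digest="SHA-256">$3</pin>
      <pin digest="SHA-256">$4</pin>
    </pin-set>
  </domain-config>
</network-security-config>
EOF
}

# Usage (assumed file names): ./pin.sh api.example.com intermediate.crt backup_key.pem 2027-01-01
if [ "$#" -ge 3 ]; then
  primary=$(spki_pin "$2")
  backup=$(spki_pin "$3")
  android_pin_config "$1" "${4:-2027-01-01}" "$primary" "$backup"
fi
```

Pin the intermediate CA certificate as the primary (the strategy recommended above) and the offline backup key as the second pin; the backup key never touches a server until it is needed.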
SSL Pinning Generator creates certificate pinning configurations for mobile apps that associate each host with its expected public keys, so a man-in-the-middle attack fails even when a trusted CA has been compromised.
Key Facts
- Chrome removed HPKP in 2018 due to deployment risks
- Mobile apps widely use certificate pinning for API security
- Certificate Transparency logs reduce need for browser pinning
- Always include a backup pin for disaster recovery
Frequently Asked Questions
What is SSL pinning?
Hardcodes expected certificate/public key in client app, preventing forged certificate attacks even from trusted CAs.
Should I pin the certificate or public key?
Public key — survives certificate renewals. Certificate pinning breaks on every renewal. Always include backup pins.
What happens if I rotate my certificate?
If pinning the certificate, app breaks until updated. Use public key pinning with backup pins for safe rotation.