SSL Pinning Generator
Generate SSL pinning configurations for Android and iOS
Pinning Strategy Guide
Leaf Certificate
High security, but changes frequently (e.g. every 90 days). Requires app updates before every expiration.
Intermediate CA
Recommended. Changes rarely (years). Good balance between security and maintenance.
Root CA
Maximum stability (10-20 years). Trusts all certificates issued by this root. Minimal maintenance.
Backup Pin Guide
To keep the app from breaking if your keys are compromised or lost, you MUST include a backup pin. Generate a spare key pair offline and keep it safe.
1. Generate Backup Key Pair:
openssl genrsa -out backup_key.pem 2048
2. Extract SPKI Pin:
openssl rsa -in backup_key.pem -pubout -outform der | openssl dgst -sha256 -binary | openssl enc -base64
SSL Pinning Generator creates certificate pinning configurations for mobile apps. A pinning configuration associates hosts with their expected public keys, preventing MITM attacks even when a CA is compromised.
Key Facts
- Chrome removed HPKP in 2018 due to deployment risks
- Mobile apps widely use certificate pinning for API security
- Certificate Transparency logs reduce need for browser pinning
- Always include a backup pin for disaster recovery
Frequently Asked Questions
What is SSL pinning?
SSL pinning hardcodes the expected certificate or public key in the client app, preventing forged-certificate attacks even from trusted CAs.
Should I pin the certificate or public key?
Pin the public key: the pin survives certificate renewals that reuse the same key pair. Certificate pinning breaks on every renewal. Always include backup pins.
What happens if I rotate my certificate?
If you pin the certificate, the app breaks until it is updated. Use public key pinning with backup pins for safe rotation.
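The backup pin steps and the rotation answers above, run end to end as an added example (not part of the original page). It goes one step further than the guide by also computing the SPKI pin from a certificate, so you can compare what the server presents against the pin set after a renewal and after a rotation to the backup key. The file names, the CN `api.example.test`, the self-signed certificates and the `pin_in_set` helper are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not from the original page. File names, the CN and the
# temporary directory are constructed for this demo.
set -eu

# SPKI pin of a private key (same pipeline as step 2 of the backup pin guide).
pin_from_key() {
  openssl rsa -in "$1" -pubout -outform der 2>/dev/null |
    openssl dgst -sha256 -binary | openssl enc -base64
}

# SPKI pin of a certificate: extract its public key, hash the DER-encoded SPKI.
pin_from_cert() {
  openssl x509 -in "$1" -pubkey -noout |
    openssl pkey -pubin -outform der |
    openssl dgst -sha256 -binary | openssl enc -base64
}

# Self-signed certificate for an existing key (stands in for a CA-issued one).
issue_cert() {  # usage: issue_cert KEY OUT_CERT
  openssl req -new -x509 -key "$1" -out "$2" -days 90 \
    -subj "/CN=api.example.test" 2>/dev/null
}

# Client-side check: succeed if the served pin ($1) is in the pin set ($2...).
pin_in_set() {
  served=$1; shift
  for p in "$@"; do [ "$p" = "$served" ] && return 0; done
  return 1
}

demo() {
  tmpd=$(mktemp -d)
  openssl genrsa -out "$tmpd/live_key.pem" 2048 2>/dev/null
  openssl genrsa -out "$tmpd/backup_key.pem" 2048 2>/dev/null
  issue_cert "$tmpd/live_key.pem" "$tmpd/cert_v1.pem"     # first certificate
  issue_cert "$tmpd/live_key.pem" "$tmpd/cert_v2.pem"     # renewal, same key
  issue_cert "$tmpd/backup_key.pem" "$tmpd/cert_v3.pem"   # rotation to backup key
  LIVE_PIN=$(pin_from_key "$tmpd/live_key.pem")
  BACKUP_PIN=$(pin_from_key "$tmpd/backup_key.pem")
  PIN_V1=$(pin_from_cert "$tmpd/cert_v1.pem")
  PIN_V2=$(pin_from_cert "$tmpd/cert_v2.pem")
  PIN_V3=$(pin_from_cert "$tmpd/cert_v3.pem")
  rm -rf "$tmpd"
}

demo
echo "live=$LIVE_PIN backup=$BACKUP_PIN"
echo "v1=$PIN_V1 v2=$PIN_V2 v3=$PIN_V3"
```

An app that shipped only the live pin rejects `cert_v3`, while an app that shipped both pins keeps working through the rotation.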