SSL pinning (certificate pinning) is a security technique that hardcodes the expected certificate or public key of a server in the client application. This prevents attackers from using forged certificates, even those signed by trusted CAs.

Should I pin the certificate or the public key?

Pin the public key (SPKI hash). Public key pinning survives certificate renewals as long as the same key pair is used, while certificate pinning breaks every time a certificate is renewed. Always include backup pins for rotation.

📌 Gineadóir Pinning SSL

Gin cumraíochtaí pinning SSL le haghaidh Android agus iOS

Treoir Straitéise Pinning

Deimhniú Leaf

High security, but changes frequently (e.g. every 90 days). Requires app updates before every expiration.

CA Idirmheánach

Recommended. Changes rarely (years). Good balance between security and maintenance.

Fréamh CA

Cobhsaíocht uasta (10-20 bliain). Cuir muinín i ngach deimhniú a eisítear faoin bhFréamh seo. Cothabháil is ísle.

Treoir Cúltaca Pionna

Chun briseadh aip a chosc má dhéantar do chuid eochracha a chomhréiteach nó a chailleadh, NÍ MÓR duit pionna cúltaca a áireamh. Gin Péire Eochrach spártha as líne agus coinnigh slán é.

1. Gin Cúltaca Péire Eochrach:

openssl genrsa -out backup_key.pem 2048

2. Sliocht SPKI Pionna:

openssl rsa -in backup_key.pem -pubout -outform der | openssl dgst -sha256 -binary | openssl enc -base64

SSL Pinning Generator creates certificate pinning configurations for mobile apps associating hosts with expected public keys, preventing MITM attacks even when a CA is compromised.

Key Facts

Chrome removed HPKP in 2018 due to deployment risks
Mobile apps widely use certificate pinning for API security
Certificate Transparency logs reduce need for browser pinning
Always include a backup pin for disaster recovery

Frequently Asked Questions

What is SSL pinning?

Hardcodes expected certificate/public key in client app, preventing forged certificate attacks even from trusted CAs.

Should I pin the certificate or public key?

Public key — survives certificate renewals. Certificate pinning breaks on every renewal. Always include backup pins.

What happens if I rotate my certificate?

If pinning the certificate, app breaks until updated. Use public key pinning with backup pins for safe rotation.