Questions tagged [certificate-pinning]

94 questions
1 vote, 1 answer

Certificate Pinning fails even with CA-signed cert

I'm trying to use certificate pinning on Android with Retrofit. I'm trying to evaluate a valid Verisign-signed certificate. I get the following error: HTTP FAILED: javax.net.ssl.SSLPeerUnverifiedException: Failed to find a trusted cert that signed…
checkmate711
1 vote, 0 answers

Certificate pinning with Alamofire using an installed Profile

I am using Alamofire to make web requests. There is a requirement to use certificate pinning for more security. So far I am able to pin certificates which are already included in the bundle using the following code. let serverTrustPolicy =…
LIH
1 vote, 0 answers

Certificate pinning and downloadmanager

I am trying to use Certificate Pinning. I have my application downloading files using DownloadManager. I was wondering if I use DownloadManager will that support the certificate that I have pinned in android manifest and network_security_config.xml.…
Declan Marks
1 vote, 0 answers

Storing keystore password for certificate pinning in Android

I've recently started to learn about security in Android apps and wanted to implement certificate-pinning. Found some useful information by googling around but I stumbled upon storing the keystore password which contains the server certificate. As I…
JorgeGRC
1 vote, 1 answer

Certificate pinning: App taking old certificate from app data for both android and ios?

We are using Mobilefirst 7.1 for hybrid application. We have implemented certificate pinning in the application. The certificate got expired and we replaced it with the new one. But the application is taking old certificate from Application cache…
Arun Punnath
0 votes, 0 answers

How SSL Pinning gives security

In SSL pinning we have the public key or certificate of the server, which is public to everyone, meaning everyone has that certificate or public key, so how is it secured? Everyone has the key to access the server. I am implementing SSL Pinning in my project that…
0 votes, 0 answers

Website certificates for mobile devices return different values

While working on certificate pinning for our mobile apps, we've come across this issue making http calls. We see that there are differences on what certificates get returned for each mobile platform. The names of the CNs in the certificate chain are…
Brendan C
0 votes, 0 answers

How to do certificate pinning with chopper client

I'm developing an application using ChopperClient. To improve application security I want to do certificate pinning by using http_certificate_pinning library. What I've tried: I try using HttpCertificatePinning.check as suggested in the library's…
NGC4889
0 votes, 1 answer

Android network security configuration: what is the difference between limiting the set of trusted CAs and certificate pinning?

There are two ways to reduce the risk of trusting public CAs in Android apps: limiting the trusted set of certificates or implementing certificate pinning. It is quite straightforward to implement the two solutions with the help of the…
f_t
0 votes, 1 answer

SHA-256 certificate pinning isn't working

I have a strange problem with certificate pinning. If I use network-security-config xml with raw certificate it works. But if I switch to sha256 pinning in the same file, it doesn't work o_O I checked 10 times whether I'm using a correct sha256.…
blinker
0 votes, 0 answers

Certificate Pinning issue (ERROR TypeError: Cannot read properties of undefined (reading 'then'))

I am using mfp 8 and this is a hybrid application in Angular 7 with Cordova. I have implemented certificate pinning, but I am getting undefined. Tried to put it in deviceready also. Also tried in different places but same error. Could anyone help…
helloJT
0 votes, 0 answers

How to prevent http packet capture in exoPlayer Android?

I am using the exoplayer library in an android app to play video hosted on a server as https://ok.ru/video . I found that anyone can get and download video easily. If I use a token and send as header, it can be captured by the 'Packet Capture'…
0 votes, 1 answer

cert pinning and transitioning isrg-root let's encrypt

I want to verify if my app is affected by the event announced by Let's Encrypt: https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html I'm using cert pinning in my Android app using the pins for
0 votes, 0 answers

Certificate Pinning - Refresh Pinned Certificate Mechanism

I am working on a client architecture where we plan to pin our clients against our servers. My server leaf certificates can change throughout our product lifecycle, which is why we would need a refresh mechanism to support our older released clients…
0 votes, 2 answers

Does GraphQL support certificate pinning?

If I understand correctly, aws + graphql for mobile app is quite similar to Firebase Realtime Database. As the firebase blog certificate pinning is supported behind the scenes. My question is: does graphql support certificate pinning?
thanhbinh84