Questions tagged [pinning]

Pinning is the process of associating a host with their expected X509 certificate or public key.

Once a certificate or public key is known or seen for a host, the certificate or public key is associated or 'pinned' to the host. If more than one certificate or public key is acceptable, then the program holds a pinset. In this case, the advertised identity must match one of the elements in the pinset.

Owasp pinning cheatsheet

179 questions

votes

0 answers

MobileFirst 7.1.0.00.20170505-1403 - NSURLErrorDomain error -1012. While Certificate pinning through iPhone

I followed this Article to implement certificate pinning for hybrid application. The solution works well for Android but I see the following issue with iPhone. err:…

asked Jan 19 '18 at 03:00

MobileFirst Developer

votes

0 answers

Alamofire - asymmetric cryptography with elliptic curve key (SSL pinning)

I have a problem with connecting to server using Alamofire. I use this code (credits to cnoon): class NetworkManager { public static var manager : Alamofire.SessionManager = { // Create the server trust policies let…

ios swift alamofire pinning

asked Aug 26 '17 at 08:15

Boomerange

votes

1 answer

SSL Certificate Pinning in iOS with Microsoft Azure SDK

This is not a question about certificate pinning in general. I am writing an iOS app that utilizes the Microsoft Azure SDK for iOS. They have not implemented certificate pinning, so I have downloaded the full SDK and I am modifying it to add in my…

ios azure ssl pinning certificate-pinning

asked Aug 01 '17 at 15:36

mbm29414

11,558
6
56
87

votes

0 answers

Is it possible HTTP Public Key Pinning on shared servers?

Is it possible HTTP Public Key Pinning (HPKP) on shared servers? How to make this using php?

pinning

asked Jun 10 '17 at 09:48

olga

votes

1 answer

Certificate pinning on Android

I did certificate pinning on Android(using Retrofit) like says in OkHttp3 docs(put wrong value -> got exception -> put expected values). But how to get these values for pinning if I decide to rotate server certificate. For example: I have…

android security ssl pinning

asked May 05 '17 at 06:25

AinisSK

votes

1 answer

Xcode SSL pinning trust anchor certificates

I'm not an iOS and SSL pinning specialist. Trying to add local certificates into the anchors in order to trust them. Tried several code and always getting a kSecTrustResultRecoverableTrustFailure back. What's wrong with this code ? Should I convert…

ios cocoa ssl ssl-certificate pinning

asked Apr 25 '17 at 17:54

David Martin

votes

1 answer

AFHTTPRequestOperation with SSL Pinning not working

I am using AFHTTPRequestOperation for my iPhone app (Objective-C). I need to enable the SSL pinning for my app. However, no matter the certificate that I have included in my app bundle is the correct or wrong, calling to my API is always…

ios objective-c iphone ssl pinning

asked Apr 17 '17 at 13:03

joe kirk

votes

1 answer

AlamoFire: public key pinning not working

I am creating a Session manager using a shared instance as below: class Session { static let sharedInstance = Session() private var manager : SessionManager? func ApiManager()->SessionManager{ if let m = self.manager{ return m …

ios swift swift3 alamofire pinning

asked Jan 10 '17 at 00:12

SagarU

votes

1 answer

Parse "method not allowed when pinning is enabled" after migrating to new server

I've inherited a Parse app that works fine on Parse.com, but after migrating to a new server, I'm seeing this error. As far as I can tell, this app doesn't enable pinning (Parse.enableLocalDatastore() is not called anywhere) Q: Is there anything…

methods parse-platform migration parse-server pinning

asked Dec 01 '16 at 17:30

user1930720

votes

1 answer

Handle site certificate expiry with OkHttp Certificate pinning on Android

I have an app that has a site certificate hash pinned with OkHttp3 similar to the method mentioned here The site certificate is about to expire soon though and I realized that I need to be able to support a new site certificate as soon as I switch…

android okhttp pinning

asked Nov 18 '16 at 19:06

source.rar

8,002
10
50
82

votes

1 answer

Lack of Certificate Pinning in IBM Mobile First Platform 7.1

The IBM Mobile First Platform 7.1 is not Supporting Certificate Pinning. We tested the apt with IBM Blue-mix Security Scan. Lack of Certificate Pinning Severity: Causes: Certificate pinning is not implemented/disabled for this…

ssl certificate ibm-mobilefirst pinning

asked Nov 01 '16 at 07:16

Saran Joseph

votes

1 answer

Programmatically pan the Windows 10 UWP map control

Is there any event in the windows 10 UWP map control which can be used to pan programmatically.

windows uwp bing-maps pinning uwp-maps

asked Jun 22 '16 at 09:56

Prince Sanghi

votes

1 answer

creating certificate for android volley and nodejs

I am developing an android application which can connect with multiple node server. This connection needs to be secure so i need certificates. But i cant pay to certificates. As my researches, i will create certificates for each server and sign them…

android node.js ssl certificate pinning

asked May 28 '16 at 17:19

ekilic

votes

1 answer

Is HPKP subdomain pinning relative?

I have a HPKP pinned domain at sub.domain.tld with a 2 month expiry and includeSubdomains flag present. I noticed now that sub2.domain.tld, using a different certificate that is not pinned, still works. Does this mean that includeSubdomains is…

http certificate pinning

asked May 02 '16 at 12:42

nickdnk

4,010
4
24
43

votes

2 answers

Mobile App with Cert Pinning - SSL Cert on DMZ box with trusted CA vs my own CA

I am developing a mobile app with certificate pinning. I will have a box in the DMZ that will proxy my requests. Should this server have a cert from a trusted CA or can I use the one I generated from my own CA? What would be the benefits of using…

security ssl https ca pinning

asked Apr 27 '16 at 20:29

devjme

Prev 1 2 3

…

12 Next