Isaac

Reputation: 12874

Possible dynamic SSL Cert Pinning?

Correct me if I'm wrong, SSL cert pinning on mobile simply means that the backend (Party A) has a cert, this cert is included in our mobile apps (Party B), and whenever we want to fire a network request, the request and response will be encrypted and decrypted by both parties with the agreed cert.

Now the funny thing is, the backend (Party B) has another vendor (Party C) managing the certs for them, and Party C has the right to manage the certs however they want. In other words, it's like a dynamic SSL cert instead of static certs. In this scenario, it's not really possible for my mobile apps to implement cert pinning between my mobile apps and the backend (Party A), right?

Upvotes: 1

Views: 1587

Answers (1)

Joshi

Reputation: 873

Yes, you cannot handle said scenario. You would have to update Party B each time Party C decides to change the cert of Party A.

Related question: Dynamic certificate pinning

Upvotes: 1
