Duke

Reputation: 51

Certificate pinning with Microsoft Graph API

We have developed an Android mobile application that interacts with the Microsoft Graph API. We have to add certificate pinning to avoid man-in-the-middle attacks. To implement this we will need to hardcode the public key in the app, but the Microsoft Graph API keeps on changing the public key.

How can we implement certificate pinning and how can we prevent man-in-the-middle attacks?

Upvotes: 0

Views: 216

Answers (1)

AlfredoRevilla-MSFT

Reputation: 3505

You might try Certificate Transparency, which provides an open framework for monitoring and auditing SSL certificates in nearly real time. Specifically, Certificate Transparency makes it possible to detect SSL certificates that have been mistakenly issued by a certificate authority or maliciously acquired from an otherwise unimpeachable certificate authority. It also makes it possible to identify certificate authorities that have gone rogue and are maliciously issuing certificates.

Please take a look at Certificate Transparency for Android.

Upvotes: 0
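Added example, not part of the answer above and not Microsoft's own code: one way to enforce Certificate Transparency on calls to Graph from an Android app that uses OkHttp. Because the check validates the Signed Certificate Timestamps that come with whatever certificate the server presents, nothing is hard-coded in the app and a server key rotation does not break it. It assumes the library the answer refers to is the open-source appmattus `certificatetransparency-android` artifact and that OkHttp 4 is in use; `buildGraphClient`, `fetchProfile` and the `/v1.0/me` call are illustrative names chosen here.

```kotlin
// Added example. Assumes the appmattus certificatetransparency-android library
// and OkHttp 4 are declared as dependencies; function names are hypothetical.
import com.appmattus.certificatetransparency.certificateTransparencyInterceptor
import okhttp3.OkHttpClient
import okhttp3.Request

fun buildGraphClient(): OkHttpClient {
    // Network interceptor that verifies the Signed Certificate Timestamps (SCTs)
    // of the server certificate for the listed host. It must be a *network*
    // interceptor so that it sees the TLS handshake of the real connection.
    val ctInterceptor = certificateTransparencyInterceptor {
        +"graph.microsoft.com"
    }
    return OkHttpClient.Builder()
        .addNetworkInterceptor(ctInterceptor)
        .build()
}

fun fetchProfile(client: OkHttpClient, accessToken: String): String {
    val request = Request.Builder()
        .url("https://graph.microsoft.com/v1.0/me")
        .header("Authorization", "Bearer $accessToken")
        .build()
    // A certificate without valid SCTs makes execute() throw, so the token is
    // never sent over a connection that failed the CT check.
    client.newCall(request).execute().use { response ->
        check(response.isSuccessful) { "Graph call failed: HTTP ${response.code}" }
        return response.body?.string().orEmpty()
    }
}
```

Build the client once and reuse it for every Graph request, and treat a failed CT check as a blocked connection rather than retrying without the interceptor.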
