当ssl证书过期并且您的应用使用ssl固定时,您会怎么做?
[英]what do you do when an ssl certificate expires and your app uses ssl pinning?
问题描述
I am trying to decide if it's a good idea to do ssl pinning in my iOS game that uses a server to deliver content. 
我试图决定在我的iOS游戏中使用服务器传送内容进行ssl固定是否是个好主意。 It seems like it's important, but the one thing that is really bothering me is the thought of the day that the certificate expires. 这似乎很重要,但真正困扰我的一件事就是想到证书到期的那一天。 Since the certificate has to be included in the app bundle, this means there will be a point where users will be forced to upgrade. 由于证书必须包含在应用程序包中,这意味着将有一个用户将被迫升级的点。 Depending on what Apple is doing at that time, might mean they can't upgrade due to device / os constrictions. 取决于Apple当时正在做什么,可能意味着由于设备/操作系统限制而无法升级。 So, I am really nervous about putting this in. 所以,我真的很担心这个。
Has anyone had any experience with ssl pinning and expired certificates, making this a seamless, no-down-time thing for your users? 有没有人有过使用ssl固定和过期证书的经验,这对你的用户来说是一个无缝,无需停机的东西?
1 个解决方案
解决方案1
0 2016-01-07 20:31:51
You could get a certificate with a longer expiry, either by buying one or generating a self-signed certificate (which has its pitfalls). 您可以通过购买证书或生成自签名证书(有其缺陷)来获得更长期限的证书。
You could also pin against the public key rather than the certificate as a whole. 您也可以针对公钥而不是整个证书。
If it comes to the point where you can't maintain backwards compatibility and older devices can't upgrade, it's just hard luck. 如果它无法保持向后兼容性并且旧设备无法升级,那就太难了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.