When we import an SSL certificate into our app for certificate pinning, we have to update the APK/IPA every year at the time of the certificate update.
Can we overcome this?
Reference: https://infinum.co/the-capsized-eight/articles/securing-mobile-banking-on-android-with-ssl-certificate-pinning
Drawbacks: less flexibility. When you do SSL certificate pinning, changing the SSL certificate is not that easy. For every SSL certificate change, you have to make an update to the app, push it to Google Play and hope the users will install it.
Please guide me on how to overcome this.
Have a look at this article about certificate pinning and public key pinning: https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning
An important question is what you want to pin. If you don't want to release a new version every time the certificate changes, you can also pin to the public key of the certificate: since you can keep the same public key when you renew your certificate, your app will still work with the new certificate.
Another option is not to pin to your server certificate but to the intermediate or the root certificate of the CA. The intermediate certificate is usually valid for a longer time.
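To make the public-key option concrete, here is an added example (not part of the answer above and not code from the linked articles) that walks a DER certificate to its SubjectPublicKeyInfo and computes the `sha256/<base64>` pin format used by HTTP Public Key Pinning and by OkHttp's CertificatePinner. The certificates it feeds in are constructed, unsigned X.509 bodies with placeholder key bytes, built inline so the script runs offline; a real deployment would extract the same SPKI from the server's actual certificate. It shows why a renewal that keeps the key pair leaves the SPKI pin unchanged while a pin over the whole certificate breaks on every renewal.

```python
import base64
import hashlib

# --- minimal DER helpers (enough to walk an X.509 certificate) ---------------

def der_len(n):
    """Encode a DER length (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def tlv(tag, body):
    """Encode one DER tag-length-value element."""
    return bytes([tag]) + der_len(len(body)) + body

def read_tlv(buf, pos):
    """Decode the element at buf[pos]; return (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def spki_from_cert(cert_der):
    """Return the DER-encoded SubjectPublicKeyInfo of an X.509 certificate.

    tbsCertificate field order (RFC 5280): [0] version (optional), serialNumber,
    signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    """
    tag, cert_body, _ = read_tlv(cert_der, 0)      # Certificate ::= SEQUENCE
    assert tag == 0x30, "not a DER SEQUENCE"
    tag, tbs, _ = read_tlv(cert_body, 0)           # tbsCertificate ::= SEQUENCE
    assert tag == 0x30, "tbsCertificate missing"
    tag, _, pos = read_tlv(tbs, 0)
    if tag != 0xA0:                                # v1 cert: no explicit version
        pos = 0
    for _ in range(5):                             # serial, sigAlg, issuer, validity, subject
        _, _, pos = read_tlv(tbs, pos)
    start = pos
    _, _, end = read_tlv(tbs, pos)                 # subjectPublicKeyInfo (full TLV)
    return tbs[start:end]

def spki_pin(cert_der):
    """HPKP / OkHttp-style pin: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    digest = hashlib.sha256(spki_from_cert(cert_der)).digest()
    return "sha256/" + base64.b64encode(digest).decode("ascii")

def cert_pin(cert_der):
    """Pin over the whole certificate, for contrast: it changes on every renewal."""
    return "sha256/" + base64.b64encode(hashlib.sha256(cert_der).digest()).decode("ascii")

# --- constructed fixtures: not real certificates, unsigned placeholders -------

RSA_ENCRYPTION_OID = tlv(0x06, bytes.fromhex("2a864886f70d010101"))   # 1.2.840.113549.1.1.1
SHA256_RSA_OID = tlv(0x06, bytes.fromhex("2a864886f70d01010b"))       # 1.2.840.113549.1.1.11

def make_spki(key_bytes):
    """Wrap constructed key bytes as SubjectPublicKeyInfo { algorithm, BIT STRING }."""
    alg = tlv(0x30, RSA_ENCRYPTION_OID + b"\x05\x00")   # rsaEncryption with NULL params
    return tlv(0x30, alg + tlv(0x03, b"\x00" + key_bytes))

def make_fake_cert(serial, spki_der):
    """Build a structurally valid but unsigned X.509 DER body around a given SPKI.
    Names are empty and the signature is zeros: a constructed fixture only."""
    version = tlv(0xA0, tlv(0x02, b"\x02"))             # [0] EXPLICIT INTEGER 2 (v3)
    sig_alg = tlv(0x30, SHA256_RSA_OID + b"\x05\x00")
    empty_name = tlv(0x30, b"")
    validity = tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"250101000000Z"))
    tbs = tlv(0x30, version + tlv(0x02, bytes([serial])) + sig_alg
              + empty_name + validity + empty_name + spki_der)
    signature = tlv(0x03, b"\x00" + bytes(16))          # placeholder BIT STRING
    return tlv(0x30, tbs + sig_alg + signature)

def renewal_demo():
    """Pins for: the original cert, a renewal with the same key, a renewal with a new key."""
    key_a = make_spki(b"constructed-public-key-material-A")
    key_b = make_spki(b"constructed-public-key-material-B")
    original = make_fake_cert(1, key_a)
    renewed = make_fake_cert(2, key_a)    # same key pair re-certified (new serial/validity)
    rekeyed = make_fake_cert(3, key_b)    # operator generated a fresh key pair
    return {
        "spki": (spki_pin(original), spki_pin(renewed), spki_pin(rekeyed)),
        "cert": (cert_pin(original), cert_pin(renewed), cert_pin(rekeyed)),
    }

if __name__ == "__main__":
    for kind, (o, r, k) in renewal_demo().items():
        print(f"{kind} pin: original={o}")
        print(f"          renewed ={r}  unchanged={o == r}")
        print(f"          rekeyed ={k}  unchanged={o == k}")
```

The operational consequence is the one the answer describes: an app that ships the SPKI pin keeps working across renewals as long as the server operator reuses the key pair, and only a deliberate re-key forces an app update. Shipping a backup pin for a pre-generated spare key (and rotating to it only after the app version carrying it is widely installed) is the usual way to keep that re-key from locking users out.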
There is no way to overcome this, but you can make this less painful: