
Certificate pinning

 I am interested in implementing certificate pinning in my iOS app, specifically when it communicates with authorize.net.

 

Background info here:

 

https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning

 

What is authorize.net's policy on announcing when they change their certificates?  If I go down this road, I don't want to have my app become unusable for hours while I scramble to update my app with an updated certificate.

 

Any other recommendations on avoiding man-in-the-middle attacks?

 

Thanks,

Del


Re: Certificate pinning

Hello @del

 

Any changes in our systems would be included in a blog post and an entry in our system change log.  I would also recommend subscribing to our blog posts to receive prompt notifications.

 

For certificate pinning, this isn't something we currently support, so I would recommend submitting a new feature request using our Ideas forum. This will allow others to vote on and make suggestions to improve the request.

Richard