Security Advanced

What is Certificate Pinning?

A security technique that associates a host with its expected TLS certificate or public key, preventing man-in-the-middle attacks with fraudulent certificates.

Certificate pinning validates that a server presents a specific, expected certificate or public key, rather than accepting any certificate that chains to a trusted CA. This protects against compromised Certificate Authorities and rogue (mis-issued) certificates. Implementation approaches include pinning the leaf certificate (most restrictive, since the pin breaks whenever the certificate is reissued), pinning the intermediate CA certificate, or pinning the public key (most flexible during certificate renewal, since the pin survives as long as the same key is reused). Mobile apps commonly use certificate pinning for API communication. Challenges include handling certificate rotation (pin the backup key too) and debugging (pinning failures are silent). HTTP Public Key Pinning (HPKP) for browsers was deprecated because a bad pin could permanently lock users out of a site.
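The following is an added example, not code from the page. It shows public-key (SPKI) pinning with a primary and a backup pin, and contrasts it with leaf-certificate pinning across a renewal. It uses only the Python standard library; the X.509 certificate it checks is a constructed DER structure built inline (with placeholder key bytes and signature, not a real certificate), so it runs offline. In real code the DER bytes would come from the TLS handshake, and the pin set would be shipped with the app.

```python
"""SPKI public-key pinning with a primary and a backup pin (added example).

Standard library only. The certificate is a constructed DER structure built
inline, not a real certificate; real code would take DER from the TLS handshake.
"""
import base64
import hashlib
import hmac

OID_RSA_ENCRYPTION = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1
OID_SHA256_RSA = bytes.fromhex("2a864886f70d01010b")      # 1.2.840.113549.1.1.11
OID_COMMON_NAME = bytes.fromhex("550403")                 # 2.5.4.3

# ---- minimal DER encode/decode helpers ----
def der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body

def seq(*items: bytes) -> bytes:
    return tlv(0x30, b"".join(items))

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, raw_element, next_pos) for the element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        n = first & 0x7F
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
    start, end = pos + hdr, pos + hdr + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[start:end], buf[pos:end], end

def children(body: bytes) -> list:
    out, pos = [], 0
    while pos < len(body):
        tag, value, raw, pos = read_tlv(body, pos)
        out.append((tag, value, raw))
    return out

# ---- pin computation and verification ----
def extract_spki(cert_der: bytes) -> bytes:
    """Return the raw SubjectPublicKeyInfo TLV from a DER X.509 certificate."""
    tag, cert_body, _, _ = read_tlv(cert_der)
    tbs_tag, tbs_body, _, _ = read_tlv(cert_body)  # tbsCertificate
    if tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not a certificate SEQUENCE")
    fields = children(tbs_body)
    idx = 1 if fields[0][0] == 0xA0 else 0  # skip explicit [0] version if present
    spki_tag, _, spki_raw = fields[idx + 5]  # serial, sigAlg, issuer, validity, subject, SPKI
    if spki_tag != 0x30:
        raise ValueError("unexpected SPKI tag")
    return spki_raw

def pin_of(der: bytes) -> str:
    """HPKP-style pin value: base64(SHA-256(DER bytes))."""
    return base64.b64encode(hashlib.sha256(der).digest()).decode()

def spki_pin(cert_der: bytes) -> str:
    return pin_of(extract_spki(cert_der))

def verify_pins(cert_der: bytes, pins: list) -> bool:
    """Accept the server only if its SPKI pin is in the configured set.
    A backup pin is required so rotating to the pre-published key cannot lock clients out."""
    if len(pins) < 2:
        raise ValueError("pin set must contain a backup pin")
    actual = spki_pin(cert_der)
    return any(hmac.compare_digest(actual, p) for p in pins)

# ---- constructed test material (placeholder keys and signature, not real) ----
def build_test_spki(key_bytes: bytes) -> bytes:
    alg = seq(tlv(0x06, OID_RSA_ENCRYPTION), tlv(0x05, b""))
    return seq(alg, tlv(0x03, b"\x00" + key_bytes))

def build_test_cert(spki: bytes, serial: int) -> bytes:
    sig_alg = seq(tlv(0x06, OID_SHA256_RSA), tlv(0x05, b""))
    name = seq(tlv(0x31, seq(tlv(0x06, OID_COMMON_NAME), tlv(0x0C, b"pin.example"))))
    validity = seq(tlv(0x17, b"240101000000Z"), tlv(0x17, b"250101000000Z"))
    tbs = seq(tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, bytes([serial])),
              sig_alg, name, validity, name, spki)
    return seq(tbs, sig_alg, tlv(0x03, b"\x00" * 33))  # placeholder signature BIT STRING

CURRENT_SPKI = build_test_spki(b"\x01" * 64)
BACKUP_SPKI = build_test_spki(b"\x02" * 64)
PIN_SET = [pin_of(CURRENT_SPKI), pin_of(BACKUP_SPKI)]  # primary + backup, shipped with the app

def demo() -> dict:
    """Renewal (same key, new cert), rotation to the backup key, and a rogue cert."""
    old = build_test_cert(CURRENT_SPKI, serial=1)
    renewed = build_test_cert(CURRENT_SPKI, serial=2)
    rotated = build_test_cert(BACKUP_SPKI, serial=3)
    rogue = build_test_cert(build_test_spki(b"\x03" * 64), serial=4)
    return {
        "leaf_pin_survives_renewal": pin_of(old) == pin_of(renewed),      # False
        "spki_pin_survives_renewal": spki_pin(old) == spki_pin(renewed),  # True
        "rotation_accepted": verify_pins(rotated, PIN_SET),               # True
        "rogue_rejected": not verify_pins(rogue, PIN_SET),                # True
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The renewal case is the practical reason the page calls public-key pinning the most flexible option: a reissued certificate with the same key keeps the same SPKI pin, while a whole-certificate (leaf) pin changes on every reissue. The `verify_pins` check refuses to run with a single pin, which encodes the "pin the backup key too" advice as a hard requirement rather than a reminder.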

Related Terms

RBAC (Role-Based Access Control)
An access control model where permissions are assigned to roles, and users are assigned to roles rather than getting permissions directly.
DDoS (Distributed Denial of Service)
An attack that floods a target server or network with traffic from multiple sources to overwhelm it and deny service to legitimate users.
JWT (JSON Web Token)
A compact, self-contained token format used for securely transmitting information between parties as a JSON object.
XSS (Cross-Site Scripting)
An attack that injects malicious scripts into web pages viewed by other users, potentially stealing data or session tokens.
Cryptographic Key Management
The practices and procedures for generating, storing, distributing, rotating, and revoking encryption keys securely.
Two-Factor Authentication (2FA)
A security method requiring two different forms of identification before granting access to an account.