In our own application we use the certificate directly from public-api.sandbox.bunq.com (old key in our version is: SUiIQk086/o/n95Z/GMKJYaV7SBbvr/pZC8lNxfvzu0= ) instead of the parent certificate that is used in this SDK (amazon root CA 1 ) .
When I tried to connect with the SDK to the sandbox with our own version to ( public-api.sandbox.bunq.com ). I noticed this in ApiClient::post
What should happen:
A connection should be made and pinned ssl certificate should match the server certificate. When using a root certificate you're not really doing ssl pinning because it's not specific enough.
What happens:
When you use the old server sha256 pin key an error like below is logged :
## Traceback
## SDK version and environment
- Tested on [1.14.18](https://github.com/bunq/sdk_java/releases/tag/1.14.18)
- [ x ] Sandbox
- [ ] Production
## Response id
n/a
## Extra info:
easy way to get the pinnedkey is by dropping the url ( public-api.sandbox.bunq.com ) into [https://www.ssllabs.com/ssltest/](https://www.ssllabs.com/ssltest/) and search for `Pin SHA256`
Steps to reproduce:
What should happen:
What happens: