diefferson / http_certificate_pinning

Https Certificate pinning for Flutter
Apache License 2.0

Get fingerprint directly from website #25

Closed fScalaReply closed 2 years ago

fScalaReply commented 2 years ago

Hello!

Is it possible to get the fingerprints directly in-app from our list of websites? The problem with this implementation is that we have to redeploy the app every time the certificate expires, so storing the fingerprint in the app isn't the final solution.

Thanks in advance for the reply!

diefferson commented 2 years ago

Hello @fScalaReply, when the app gets the certificate from your website, you lose the purpose of pinning, because a proxy server in the middle could provide an HTTPS certificate to your app.

diefferson commented 2 years ago

You could use some strategies to update certificates. I recommend, if possible, using two certificates: the current one and the next one, which has 6 more months until it expires. When your server changes the certificate, it changes to the next certificate and generates the next one, which expires in one year, and the app has 6 months to update the certificates.
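The two-fingerprint rotation described in the comment above, worked through as an added example (not part of the thread and not the plugin's code): each app release pins the current and the next certificate, and `first_failure` reports the date on which a release stops connecting. It is written in Python, independent of the plugin; the certificate bytes, dates, schedule and all function names are constructed for illustration.

```python
import hashlib
from datetime import date

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as uppercase hex."""
    return hashlib.sha256(der).hexdigest().upper()

def normalize(fp: str) -> str:
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex pins."""
    return fp.replace(":", "").replace(" ", "").upper()

def pin_matches(der: bytes, pins) -> bool:
    """True if the presented certificate is in the pin set shipped with the app."""
    return fingerprint(der) in {normalize(p) for p in pins}

def first_failure(released: date, pins, schedule):
    """Date from which a release can no longer connect, or None.

    schedule: [(go_live_date, der), ...] sorted by date; each certificate is
    served until the next entry goes live.
    """
    for i, (start, der) in enumerate(schedule):
        end = schedule[i + 1][0] if i + 1 < len(schedule) else None
        if end is not None and end <= released:
            continue  # certificate was retired before this release shipped
        if not pin_matches(der, pins):
            return max(start, released)
    return None

# Constructed stand-ins for DER certificates (not real certificates).
CERT_A, CERT_B, CERT_C = b"constructed-cert-A", b"constructed-cert-B", b"constructed-cert-C"
PROXY_CERT = b"constructed-interception-proxy-cert"

# Constructed server schedule: a new certificate goes live every six months.
SCHEDULE = [(date(2024, 1, 1), CERT_A), (date(2024, 7, 1), CERT_B), (date(2025, 1, 1), CERT_C)]

V1_PINS = [fingerprint(CERT_A), fingerprint(CERT_B)]  # current + next
V2_PINS = [fingerprint(CERT_B), fingerprint(CERT_C)]  # shipped after the first rotation

if __name__ == "__main__":
    print("proxy accepted by v1:", pin_matches(PROXY_CERT, V1_PINS))
    print("v1 stops working on:", first_failure(date(2024, 1, 15), V1_PINS, SCHEDULE))
    print("v2 stops working on:", first_failure(date(2024, 7, 10), V2_PINS, SCHEDULE))
    print("single-pin release stops on:",
          first_failure(date(2024, 1, 15), V1_PINS[:1], SCHEDULE))
```

With these constructed dates, a release that pins only the current certificate breaks at the first rotation, while the two-pin release keeps working until the second one, which is the update window the comment refers to.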

fScalaReply commented 2 years ago

Thanks a lot for the quick reply @diefferson!