Certificate Pinning
ELI5 — The Vibe Check
Certificate Pinning means your app only trusts a SPECIFIC certificate, not any cert signed by a trusted CA. Even if an attacker gets a valid cert from a compromised CA, your app rejects it. It's like only accepting your house key, not any key that fits the lock brand.
Real Talk
Certificate pinning associates a host with its expected public key or certificate and rejects any connection whose presented certificate does not match, even when that certificate is otherwise valid (chains to a trusted CA, carries the right name, is not expired). It mitigates CA compromise and MITM attacks. Common in mobile apps; HPKP was deprecated in browsers, but pinning remains standard in native apps.
When You'll Hear This
"Our mobile app pins the API server certificate — MITM proxies can't intercept traffic." / "Certificate pinning broke when we rotated certs — always pin the public key, not the certificate."
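Worked example (added here; not part of the original entry or any particular app's code): a Go program using only the standard library that computes SPKI pins the way HPKP and Android's network security config express them, base64 of SHA-256 over the DER SubjectPublicKeyInfo, and then checks a presented chain against a pin set. The hostname api.example.test, the self-signed certificates and all keys are constructed test data. It goes one step beyond the quote above: besides pinning the key rather than the certificate, it also pins a backup key, which is what lets you rotate to a new key without bricking installed apps.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// SPKIPin returns base64(SHA-256(DER SubjectPublicKeyInfo)) for a certificate.
// Hashing the public key rather than the whole certificate means a reissued
// certificate for the same key keeps the same pin.
func SPKIPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// CheckPins accepts a chain only if some certificate in it carries a pinned
// key. Run it after normal chain validation, not instead of it: pinning
// narrows the set of keys you trust, it does not replace expiry or name checks.
func CheckPins(chain []*x509.Certificate, pins map[string]bool) error {
	if len(chain) == 0 {
		return errors.New("empty certificate chain")
	}
	for _, cert := range chain {
		if pins[SPKIPin(cert)] {
			return nil
		}
	}
	return errors.New("no certificate in chain matches a pinned public key")
}

// selfSigned mints a self-signed certificate for key. Constructed test data:
// a real app pins its production server key and a backup key, not these.
func selfSigned(key *ecdsa.PrivateKey, serial int64) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: "api.example.test"},
		DNSNames:     []string{"api.example.test"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Scenario pins the current key plus a backup key, then checks three rotated
// certificates: same key reissued, rotated to the backup key, rotated to a key
// nobody pinned. Returns (sameKeyOK, backupKeyOK, unknownKeyOK).
func Scenario() (bool, bool, bool, error) {
	keys := make([]*ecdsa.PrivateKey, 3) // current, backup, unknown
	for i := range keys {
		k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return false, false, false, err
		}
		keys[i] = k
	}
	pins := map[string]bool{}
	for _, k := range keys[:2] { // pin current and backup, never the unknown key
		c, err := selfSigned(k, 1)
		if err != nil {
			return false, false, false, err
		}
		pins[SPKIPin(c)] = true
	}
	ok := [3]bool{}
	for i, k := range keys {
		c, err := selfSigned(k, int64(100+i)) // fresh serial: a reissued cert
		if err != nil {
			return false, false, false, err
		}
		ok[i] = CheckPins([]*x509.Certificate{c}, pins) == nil
	}
	return ok[0], ok[1], ok[2], nil
}

func main() {
	same, backup, unknown, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("reissued same key: %v, rotated to backup: %v, unknown key: %v\n", same, backup, unknown)
}
```

The outcome the quote warns about shows up directly: the reissued certificate passes because its pin is unchanged, rotation to the pre-pinned backup passes, and a certificate for any other key is rejected no matter who signed it. Keep the backup private key offline and pin at least two keys before shipping, or a lost key means an app update is the only way to restore connectivity.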
Related Terms
Certificate Authority (CA)
A Certificate Authority is like the DMV of the internet — a trusted organization that vouches for websites' identities.
MITM (Man-in-the-Middle)
MITM stands for Man-in-the-Middle. An attacker silently sits between your browser and the server, eavesdropping on everything.
mTLS
Normal TLS: you check that the website is legit. mTLS: you BOTH check each other. The server verifies your certificate, you verify the server's.
TLS (Transport Layer Security)
TLS (Transport Layer Security) is the updated, actually-secure version of SSL. It's the technology that puts the padlock in your browser's address bar.