TLS/SSL Certificate Signature Hardening

To prevent certificates from being modified, by man-in-the-middle attacks or otherwise, certificates are generally signed. Most certificates are hashed using a hashing algorithm to produce a cryptographic hash, which is then signed with the CA’s private key. Generally speaking, the security of a certificate is determined by two things:

  1. the encryption strength of the private key that was used to sign the certificate and
  2. the strength of the hashing function used in the signature.

Until just a couple years ago, most certificates relied on the SHA1 hashing function, which is now considered insecure.

Appdome’s Certificate Signature Hardening protects all your application connections and enforces strong encryption methods such as RSA and ECC on each certificate signature.

This Knowledge Base article provides step-by-step instructions for using Appdome to enforce Certificate Signature Hardening to increase the strength of digital certificates used in Android and iOS apps.

We hope you find it useful and enjoy using Appdome!

About Certificate Signature Hardening on Appdome

Appdome is a no-code mobile security and mobile integration platform that allows users to add security features, like RASP, code obfuscation, data encryption and more, as well as mobile threat, mobile fraud, anti-bot and other SDKs and APIs to Android and iOS apps. This KB describes how to use Appdome’s simple ‘click to build’ user interface to quickly and easily build Certificate Signature Hardening into any mobile app – instantly, no code or coding required.

There are no development or coding prerequisites to use Appdome. For example, there is no SDK, no libraries, or plug-ins to implement.

Appdome’s Certificate Signature Hardening service secures your app’s connections by verifying that, in addition to the connections being secure HTTP connections, the certificates are signed using strong encryption and hashing methods, as follows:

  • Enforce Strong RSA Signature – enforces leaf and intermediary certificates received from the server to be signed with a Rivest-Shamir-Adleman (RSA) key with a length of at least 2048 bits
  • Enforce Strong ECC Signature – enforces leaf and intermediary certificates received from the server to be signed with an Elliptic-Curve Cryptography (ECC) key with a size of at least 256 bits
  • Enforce SHA256 Digest – enforces leaf and intermediary certificates received from the server to be signed using a Secure Hash Algorithm 2 (SHA-2) with a digest length of at least 256 bits (SHA-256 or greater)
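
The three rules above, expressed as a check over a verified certificate chain. This is an added example in Go, not Appdome's code; CheckChain, sampleChain, weakChain and strongChain are hypothetical names, and the certificates are constructed structs rather than real ones. It reads the digest from each certificate's signature algorithm and the key size from the certificate that signed it:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rsa"
	"crypto/x509"
	"fmt"
	"math/big"
)

// strongDigest lists signature algorithms whose hash is SHA-256 or greater.
var strongDigest = map[x509.SignatureAlgorithm]bool{
	x509.SHA256WithRSA: true, x509.SHA384WithRSA: true, x509.SHA512WithRSA: true,
	x509.SHA256WithRSAPSS: true, x509.SHA384WithRSAPSS: true, x509.SHA512WithRSAPSS: true,
	x509.ECDSAWithSHA256: true, x509.ECDSAWithSHA384: true, x509.ECDSAWithSHA512: true,
}

// CheckChain takes a chain ordered leaf-first and ending at the trust anchor
// (e.g. tls.ConnectionState.VerifiedChains[0]); chain[i] is signed by chain[i+1].
func CheckChain(chain []*x509.Certificate) (v []string) {
	for i := 0; i+1 < len(chain); i++ { // leaf and intermediates, not the root
		if alg := chain[i].SignatureAlgorithm; !strongDigest[alg] {
			v = append(v, fmt.Sprintf("cert %d: weak digest %v", i, alg))
		}
		switch k := chain[i+1].PublicKey.(type) { // key that produced the signature
		case *rsa.PublicKey:
			if n := k.N.BitLen(); n < 2048 {
				v = append(v, fmt.Sprintf("cert %d: signer RSA key is %d bits (< 2048)", i, n))
			}
		case *ecdsa.PublicKey:
			if n := k.Curve.Params().BitSize; n < 256 {
				v = append(v, fmt.Sprintf("cert %d: signer ECC key is %d bits (< 256)", i, n))
			}
		}
	}
	return v
}

// sampleChain and the two chains below are constructed input (placeholder keys, no signatures).
func sampleChain(leafAlg x509.SignatureAlgorithm, rsaBits uint, root elliptic.Curve) []*x509.Certificate {
	n := new(big.Int).Lsh(big.NewInt(1), rsaBits-1) // placeholder modulus of rsaBits bits
	return []*x509.Certificate{
		{SignatureAlgorithm: leafAlg}, // leaf, signed by the RSA intermediate
		{SignatureAlgorithm: x509.ECDSAWithSHA256, PublicKey: &rsa.PublicKey{N: n, E: 65537}},
		{PublicKey: &ecdsa.PublicKey{Curve: root}}} // root, signs the intermediate
}
var weakChain = sampleChain(x509.SHA1WithRSA, 1024, elliptic.P224())
var strongChain = sampleChain(x509.SHA256WithRSA, 2048, elliptic.P384())
func main() { fmt.Println(CheckChain(weakChain), CheckChain(strongChain)) }
```

In a Go TLS client, the same function can be called from tls.Config.VerifyConnection on cs.VerifiedChains[0], returning an error when the result is non-empty.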

Prerequisites for using Certificate Signature Hardening

How to Enforce Certificate Signature Hardening to Any Mobile App on Appdome 

Follow these step-by-step instructions to enforce Certificate Signature Hardening:

Upload a Mobile App to Your Account

Please follow these steps to add a mobile app to your Appdome account.
If you don’t have an Appdome account, click here to create an account.

From the “Build” tab, go to the Security menu.

  1. Click Secure Communications to expand the bundle
  2. Click on the toggle to enable Trusted Session
  3. Expand Session Management.
  4. Toggle the Enforce Strong RSA Signature switch
    (optional) Fill out the custom message that is displayed in case of a security event.
  5. Toggle the Enforce Strong ECC Signature switch
    (optional) Fill out the custom message that is displayed in case of a security event.
  6. Toggle the Enforce SHA256 Digest switch
    (optional) Fill out the custom message that is displayed in case of a security event.
  7. (optional) Enable +DEV Events if you want your app to handle Appdome events.
  8. Click Build My App

The technology behind Build My App has two major elements – (1) a microservice architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each app and match the app to the relevant code-sets needed to add MicroVPN to the mobile app in seconds.

Congratulations! You now have a mobile app fully integrated with Certificate Signature Hardening

What to do After I Build My App?

After you successfully build an app, you need to sign the app in order to deploy it. You can also brand or customize an app on Appdome. Read this Knowledge Base article to learn what to do after you successfully build an app. It explains both optional steps and required steps.

That is it – Enjoy Appdome with Certificate Signature Hardening in your app!

How Do I Learn More?

For more information on Certificate Signature Hardening and some of the attacks it can thwart, such as phishing or MiTM attacks, check our blog.

Request a demo at any time.

To zoom out on this topic, visit Appdome for Mobile App Security on our website.

Here’s a helpful article on hashing and encryption.

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.  

Alan Bavosa
