Using Favor Certificate Pinning

Certificates are usually verified against intermediate CA certificates, which are then verified against root CA certificates. Root CA certificates are normally stored in a device’s trusted CA store.

Certificate Pinning is the process in which an app stores specific certificates or public key hashes in the app itself and forgoes the verification process described above. Instead, the app verifies the server certificate or CA certificate it receives directly against the stored certificate or public key hash.
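The check described above, as an added example (not Appdome's code and not part of the original article): it matches every certificate received from the server against stored certificate hashes and public key hashes, and shows that a public key pin still matches after the certificate is reissued with the same key while a certificate pin does not. The function names and the sample certificates are assumptions made for this illustration; the certificates are constructed stand-ins that only follow the X.509 field order.

```python
import base64, hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def spki_der(cert_der):
    """Return the SubjectPublicKeyInfo element (header included) of a certificate."""
    _, pos, _ = read_tlv(cert_der, 0)      # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert_der, pos)    # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert_der, pos)
    pos = end if tag == 0xA0 else pos      # skip the optional [0] version
    for _field in range(5):                # serial, signature, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    return cert_der[pos:read_tlv(cert_der, pos)[2]]

def pin(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()  # base64(SHA-256)

def chain_matches_pins(chain_der, cert_pins=(), key_pins=()):
    """True if any received certificate (server or CA) matches a stored pin."""
    return any(pin(c) in cert_pins or pin(spki_der(c)) in key_pins
               for c in chain_der)

# Constructed sample data: stand-ins with X.509 field order, not real certificates.
def der(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length, body under 128 bytes

def make_sample_cert(serial, key_bytes):
    spki = der(0x30, der(0x30, b"") + der(0x03, b"\x00" + key_bytes))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + der(0x30, b"") * 4 + spki)
    return der(0x30, tbs + der(0x30, b"") + der(0x03, b"\x00"))

def demo():
    issued = make_sample_cert(1, b"server-key-A")
    renewed = make_sample_cert(2, b"server-key-A")  # same key, new certificate
    rekeyed = make_sample_cert(3, b"server-key-B")  # new key
    cert_pins, key_pins = {pin(issued)}, {pin(spki_der(issued))}
    return {
        "renewed, certificate pin": chain_matches_pins([renewed], cert_pins=cert_pins),
        "renewed, public key pin": chain_matches_pins([renewed], key_pins=key_pins),
        "rekeyed, public key pin": chain_matches_pins([rekeyed], key_pins=key_pins),
    }
```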

Using Favor Certificate Pinning on Appdome

If your app uses an internal Certificate Pinning solution to trust the server, you will need to turn on “Favor Certificate Pinning”:

  1. Go to the Build Tab
  2. Select the Access menu
  3. Turn on Per-App VPN Routing

  4. You will see a warning message that other features are being disabled. Click Proceed.

Favor Certificate Pinning Compatibility

To allow Apple’s Per-App VPN to handle the traffic, some Appdome features will be turned off automatically, or an error will be displayed.

Even though Per-App VPN may tunnel an app’s entire network connectivity, you are still able to secure your app by using complementary Appdome features such as:

  1. Enforce Strong RSA Signature
  2. Enforce Strong ECC Signature
  3. Enforce SHA256 Digest
  4. Enforce Certificate Roles
  5. Validating Basic Constraints for CA certificates
  6. Static Client Pinning and Certificate Pinning
  7. Authentication using NTLM, or Basic authentication, Digest, Negotiate or an HTML form.

How Do I Learn More?

Read more about Enterprise Access and Connectivity.

Kai Kenan
