Vol. 1 · Ed. 2026
CyberGlossary
Entry № 178

Certificate Pinning

Reviewed by: Cybersecurity entrepreneur & security researcher

What is Certificate Pinning?

Certificate Pinning: A technique in which an application hard-codes an expected certificate or public key and refuses TLS connections that do not match, defeating rogue or compromised CAs.


Certificate pinning binds a specific TLS server to one or more cryptographic identities (a full leaf certificate, an intermediate, or a SubjectPublicKeyInfo hash) that the client trusts directly, independently of the CA store. During the handshake, the client compares the server's chain against the pinned values and aborts the connection on mismatch, even if the chain is signed by a publicly trusted CA. It is mainly used in mobile and desktop apps that talk to a fixed backend, where it blocks attackers who have obtained a fraudulent certificate for that backend's hostname. Drawbacks include brittle deployments, the need for backup pins, and the risk of locking out users on emergency key rotation, so modern guidance favours short-lived certificates, Certificate Transparency, and DANE for many use cases.

Examples

  1. A banking app that pins the SHA-256 hash of its server's public key and rejects any other certificate.

  2. A mobile API client that pins both the production and the rollover key as a backup.
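The following is an added example, not code from the glossary or from any named product, showing the public-key (SPKI hash) form of pinning described in the definition above and the production-plus-backup pin arrangement in example 2. It generates throwaway self-signed certificates so it runs offline; the hostname api.example.test and the helper names (spkiPin, pinSet, pinnedClientConfig, selfSignedCert) are this example's own assumptions. In Go the pin check is supplied as tls.Config.VerifyPeerCertificate, which the standard library calls after its normal chain and hostname validation, so pinning is layered on top of CA trust rather than replacing it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// spkiPin returns the base64-encoded SHA-256 digest of a certificate's
// SubjectPublicKeyInfo (DER). Pinning this value pins the key rather than
// the certificate, so a re-issued certificate with the same key still matches.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// pinSet is the set of accepted pins: the live key plus at least one backup
// (rollover) key whose private half is kept offline until rotation.
type pinSet map[string]bool

// verifyPins has the signature of tls.Config.VerifyPeerCertificate. It accepts
// the chain if any presented certificate (leaf or intermediate) carries a pinned
// key and rejects it otherwise, even though the chain already passed CA validation.
func (p pinSet) verifyPins(rawCerts [][]byte, _ [][]*x509.Certificate) error {
	if len(rawCerts) == 0 {
		return errors.New("pinning: server presented no certificate")
	}
	for i, raw := range rawCerts {
		cert, err := x509.ParseCertificate(raw)
		if err != nil {
			return fmt.Errorf("pinning: certificate %d unparsable: %w", i, err)
		}
		if p[spkiPin(cert)] {
			return nil
		}
	}
	return errors.New("pinning: no certificate in the chain matches a pinned key")
}

// pinnedClientConfig wires the pin check into a TLS client configuration.
// VerifyPeerCertificate runs after Go's normal chain and hostname checks, so the
// pin is an additional requirement on top of CA trust, not a substitute for it.
func pinnedClientConfig(pins pinSet) *tls.Config {
	return &tls.Config{
		MinVersion:            tls.VersionTLS12,
		VerifyPeerCertificate: pins.verifyPins,
	}
}

// selfSignedCert makes a throwaway P-256 certificate so the example runs offline
// (constructed test data); a real app embeds pins computed from its backend's keys.
func selfSignedCert(host string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	// Constructed keys: the current production key, the offline backup key, and a
	// third key that a fraudulent certificate for the same hostname might carry.
	prod, _ := selfSignedCert("api.example.test")
	backup, _ := selfSignedCert("api.example.test")
	rogue, _ := selfSignedCert("api.example.test")

	pins := pinSet{spkiPin(prod): true, spkiPin(backup): true}
	cfg := pinnedClientConfig(pins)
	for name, c := range map[string]*x509.Certificate{"prod": prod, "backup": backup, "rogue": rogue} {
		err := cfg.VerifyPeerCertificate([][]byte{c.Raw}, nil)
		fmt.Printf("%-6s pin=%s accepted=%v\n", name, spkiPin(c), err == nil)
	}
}
```

The pin value is the same one produced by `openssl x509 -in server.pem -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64`, so pins can be computed from the backend's certificate at build time and embedded in the client. Keeping the backup key's pin in the client from day one is what makes a later rotation possible without shipping an app update first.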

Frequently asked questions

What is Certificate Pinning?

A technique in which an application hard-codes an expected certificate or public key and refuses TLS connections that do not match, defeating rogue or compromised CAs. It belongs to the Network Security category of cybersecurity.

What does Certificate Pinning mean?

A technique in which an application hard-codes an expected certificate or public key and refuses TLS connections that do not match, defeating rogue or compromised CAs.

How do you defend against Certificate Pinning?

Certificate pinning is itself a defensive control rather than a threat. Deploying it safely combines technical controls (pinning a public-key hash, keeping a backup pin) with operational practices (planned key rotation), as detailed in the full definition above.

What are other names for Certificate Pinning?

Common alternative names include: TLS pinning, Public-key pinning.
