CyberGlossary

Network Security

Certificate Pinning

Also known as: TLS pinning, public-key pinning

Definition

A technique in which an application hard-codes an expected certificate or public key and refuses TLS connections that do not match, defeating rogue or compromised CAs.

Certificate pinning binds a specific TLS server to one or more cryptographic identities (a full leaf certificate, an intermediate, or a SubjectPublicKeyInfo hash) that the client trusts directly rather than via the platform CA store. During the handshake, the client compares the server's chain against the pinned values and aborts the connection on mismatch, even if the chain is signed by a publicly trusted CA. It is mainly used in mobile and desktop apps that talk to a fixed backend, where it blocks attackers who have obtained a fraudulent certificate. Drawbacks include brittle deployments, the need for backup pins (so a key can be rotated without shipping a new client), and the risk of locking out users on emergency key rotation, so modern guidance favours short-lived certs, certificate transparency, and DANE for many use cases.

Examples

  • A banking app that pins the SHA-256 hash of its server's public key and rejects any other certificate.
  • A mobile API client that pins both the production and the rollover key as a backup.
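
The SPKI-hash pinning with a backup pin described in the examples above, as an added illustration that is not part of this glossary entry: a minimal DER walker pulls the SubjectPublicKeyInfo out of a DER-encoded certificate, hashes it with SHA-256, and checks the base64 digest against a pin set holding a primary and a rollover pin. The certificates are constructed in-script (Ed25519 SPKI, dummy signature) so the code runs offline; `build_test_cert` and the field layout it assumes are this example's own, not from any pinning library.

```python
import base64
import hashlib

def _der_tlv(buf, pos=0):
    """Decode one DER TLV at pos -> (tag, value, end); short and long length forms."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def extract_spki(cert_der):
    """Return the DER subjectPublicKeyInfo of an X.509 certificate (leaf or intermediate)."""
    _, cert_body, _ = _der_tlv(cert_der)       # Certificate ::= SEQUENCE { tbs, sigAlg, sig }
    _, tbs, _ = _der_tlv(cert_body)            # tbsCertificate ::= SEQUENCE { ... }
    fields, pos = [], 0
    while pos < len(tbs):                      # split TBS into its top-level elements
        _, _, end = _der_tlv(tbs, pos)
        fields.append(tbs[pos:end])
        pos = end
    # Order: [version], serialNumber, signature, issuer, validity, subject, SPKI, ...
    # The optional EXPLICIT [0] version (tag 0xA0) shifts the SPKI from index 5 to 6.
    return fields[6 if fields[0][0] == 0xA0 else 5]


def spki_pin(cert_der):
    """Base64(SHA-256(SPKI)): the 'pin-sha256' value used by HPKP and mobile pinning libs."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()


def pin_matches(cert_der, pins):
    """Accept only if the presented cert's SPKI hash is in the pin set (primary + backup)."""
    return spki_pin(cert_der) in set(pins)


def _der(tag, body):
    """Tiny DER encoder used only to build the constructed test certificate below."""
    n = len(body)                              # constructed bodies stay below 256 bytes
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + body


def build_test_cert(pubkey32):
    """Constructed X.509 shell with an Ed25519 SPKI and a dummy signature (not a real cert)."""
    ed25519 = _der(0x30, _der(0x06, bytes.fromhex("2b6570")))   # AlgorithmIdentifier id-Ed25519
    spki = _der(0x30, ed25519 + _der(0x03, b"\x00" + pubkey32))
    validity = _der(0x30, _der(0x17, b"240101000000Z") + _der(0x17, b"260101000000Z"))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + ed25519
               + _der(0x30, b"") + validity + _der(0x30, b"") + spki)   # empty issuer/subject
    return _der(0x30, tbs + ed25519 + _der(0x03, b"\x00" * 65)), spki  # 64-byte zero signature
```

With a real connection, `cert_der` would come from the presented leaf (for example `ssl.SSLSocket.getpeercert(binary_form=True)`), and the pin set would hold the production key's hash plus the hash of an offline rollover key.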

Related terms