Should certificate pinning be implemented if the app can use many servers?

In a corporate context, mobile apps exist that require a user to enter the server address to connect to a specific instance of this vendor’s application.
The vendor sells software that its customers deploy on premise (or on a private clou…

If a mobile app pins the Root Authority Certificate of a server and verifies its hostname, is an attack via DNS poisoning possible?

I have some questions about certificate pinning.
Supposing that a mobile application has pinned only the root CA, it should be possible for an attacker to redirect the victim in some way to a malicious website with the same Root CA. Am I wr…

Is certificate pinning enough to protect client (native mobile app) – server communication?

My use case is the following: I want to create an app with React Native that I can deploy on both iOS and Android.
The app should consume an RSS feed (https call) from the server, but there is no need to have authorization in place. The out…

How can you bind a public key to a certificate if the public key depends on the choice of algorithms?

Can the same public key be used with RSA, Elliptic Curve, or other asymmetric encryption algorithms? If not, how is a public key bound to an X.509 Certificate? Presumably, you’d have to know the algorithmic choice before determining a public…

How can I locate and purchase SSL certificates that contain a specific trust chain?

I am dealing with a unique scenario where I have a mobile app that is unable to be updated on the App Store and has implemented SSL pinning. The issue is that the app pins against Let's Encrypt, which now will be moving to new certificates …