Layer7 API Management

  • 1.  What is the proper way to enable certificate pinning on iOS?

    Broadcom Employee
    Posted Nov 16, 2018 08:08 AM

    What is the proper way to enable certificate pinning on iOS?

    When we tried to enable enable_public_key_pinning, trusted_public_pki and trusted_cert_pinned_public_key_hashes in the MSSO JSON for iOS, the application crashes when executing MAS Start (errors cannot be collected), and cannot run.

    However, when we enable the parameters enable_public_key_pinning, trusted_public_pki and trusted_cert_pinned_public_key_hashes in Android, the application works fine.



  • 2.  Re: What is the proper way to enable certificate pinning on iOS?
    Best Answer

    Broadcom Employee
    Posted Nov 28, 2018 02:26 PM

    I believe the problem you are facing is due to a difference between iOS and Android in how to set up the public key hashes in the msso_config file.

    The Android SDK expects the public key hash to be set as plain text in an array of arrays:

    "trusted_cert_pinned_public_key_hashes": [["c4a0e44297fc2c349cfbf4c8116fb81547ae41f4219b934ca005221b6152b433"],
    ["f1c167129ec72dc0cd18d93bd8817f607966e1eb04c7a22bbcdcfcd7c797073a"]],


    The iOS SDK expects the public key hash to be set in base64 format in an array of strings:

    "trusted_cert_pinned_public_key_hashes": ["47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=", "HaDE0F3aPsDAqDRYZHYUGM5An8dlCCTRjwR7A1+xOqU="],

     

    The way to set it up will be aligned in a future release of the SDK.

    Please let us know if you need any further assistance to solve this issue.
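
An added example, not part of the original answer and not SDK code: a small checker that flags a `trusted_cert_pinned_public_key_hashes` value written in the wrong platform's form and re-encodes Android-style pins for iOS. It assumes the iOS value is the base64 encoding of the same 32 raw digest bytes that Android takes as hex, and that Android's inner arrays can be flattened; the function names are hypothetical.

```python
import base64
import json
import re

KEY = "trusted_cert_pinned_public_key_hashes"
HEX_PIN = re.compile(r"[0-9a-fA-F]{64}")  # 32-byte digest written as hex

# The two samples from the answer above, as parsed JSON.
ANDROID_SAMPLE = {KEY: [["c4a0e44297fc2c349cfbf4c8116fb81547ae41f4219b934ca005221b6152b433"],
                        ["f1c167129ec72dc0cd18d93bd8817f607966e1eb04c7a22bbcdcfcd7c797073a"]]}
IOS_SAMPLE = {KEY: ["47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=",
                    "HaDE0F3aPsDAqDRYZHYUGM5An8dlCCTRjwR7A1+xOqU="]}

def hex_to_b64(hex_pin):
    """Hex digest (Android form) -> base64 string (iOS form)."""
    if not isinstance(hex_pin, str) or not HEX_PIN.fullmatch(hex_pin):
        raise ValueError("expected a 64-character hex digest")
    return base64.b64encode(bytes.fromhex(hex_pin)).decode("ascii")

def b64_to_hex(b64_pin):
    """Base64 digest (iOS form) -> lowercase hex (Android form)."""
    raw = base64.b64decode(b64_pin, validate=True)  # binascii.Error is a ValueError
    if len(raw) != 32:
        raise ValueError(f"decodes to {len(raw)} bytes, expected 32")
    return raw.hex()

def lint_pins(config, platform):
    """Return a list of problems with the pin list for 'ios' or 'android'."""
    problems = []
    for i, entry in enumerate(config.get(KEY, [])):
        try:
            if platform == "android":
                if not isinstance(entry, list) or not entry:
                    raise ValueError("expected a non-empty array of hex strings")
                for pin in entry:
                    hex_to_b64(pin)
            elif not isinstance(entry, str):
                raise ValueError("expected a base64 string, not an array")
            else:
                b64_to_hex(entry)
        except ValueError as exc:
            problems.append(f"{KEY}[{i}]: {exc}")
    return problems

def android_to_ios(config):
    """Copy of config with hex pins re-encoded as base64 (flattening is an assumption)."""
    flat = [pin for entry in config[KEY] for pin in entry]
    return {**config, KEY: [hex_to_b64(pin) for pin in flat]}

if __name__ == "__main__":
    print(lint_pins(ANDROID_SAMPLE, "ios"))  # Android form in an iOS config
    print(json.dumps(android_to_ios(ANDROID_SAMPLE), indent=2))
```

A 64-character hex pin pasted into the iOS list as a plain string is also caught, because it is valid base64 that decodes to 48 bytes rather than 32.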