Hi,
I am trying to automate a certificate pinning process that is consumed by another system.
The Gateway currently provides a "Known Good" public key hash which the client-in-the-wild validates against the server certificate that they actually received when establishing an HTTPS connection back to base.
This public key hash is currently in a Gateway cluster property, so it needs to be manually updated if the server certificate changes.
I first looked into whether we could use a scheduled task that would:
- Use a routing statement to send an HTTPS request to the server host (over a trusted connection)
- Extract certificate attributes from the server certificate received over that HTTPS connection
- Update the cluster property if it has changed
But this doesn't seem to be possible, unless I am missing something.
Turning it around, another approach would be to try and automate importing the server certificate into the Gateway trust store when it is updated.
Regards,
Dave V.
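
The three steps listed in the post (fetch the server certificate, derive the public key hash, detect a change), sketched as an added example that is not part of the original post and runs outside the Gateway. The post does not state the hash format, so the pin is assumed to be base64 SHA-256 over the DER SubjectPublicKeyInfo; all function names and the sample certificate are hypothetical, and writing the new value back to the cluster property is left to the caller.

```python
import base64, hashlib, socket, ssl
def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, n = buf[pos], buf[pos + 1]
    start = pos + 2
    if n & 0x80:                      # long form: low 7 bits count the length bytes
        start += n & 0x7F
        n = int.from_bytes(buf[pos + 2:start], "big")
    if start + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, start, start + n

def spki_from_cert(der):
    """Return the whole SubjectPublicKeyInfo element of a DER X.509 certificate."""
    _, pos, _ = read_tlv(der, 0)                # Certificate SEQUENCE
    _, pos, tbs_end = read_tlv(der, pos)        # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                             # optional [0] version, absent in v1 certs
        pos = end
    for _ in range(5):                          # serial, sigAlg, issuer, validity, subject
        _, _, pos = read_tlv(der, pos)
    tag, _, end = read_tlv(der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return der[pos:end]

def pin_for(der):  # assumed pin format: base64(SHA-256(DER SubjectPublicKeyInfo))
    return base64.b64encode(hashlib.sha256(spki_from_cert(der)).digest()).decode()

def fetch_cert(host, port=443):  # default context validates chain and hostname first
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as raw, \
            ctx.wrap_socket(raw, server_hostname=host) as tls:
        return tls.getpeercert(binary_form=True)

def new_pin_if_changed(der, stored_pin):  # None means the stored value is still valid
    pin = pin_for(der)
    return None if pin == stored_pin else pin

# Constructed sample: certificate-shaped DER with placeholder fields, not a real key.
def tlv(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body
SAMPLE_SPKI = tlv(0x30, tlv(0x30, b"\x06\x01\x00") + tlv(0x03, b"\x00" + bytes(range(200))))
def sample_cert(spki=SAMPLE_SPKI, v3=True):
    fields = (tlv(0xA0, tlv(0x02, b"\x02")) if v3 else b"") + tlv(0x02, b"\x01") + tlv(0x30, b"") * 4 + spki
    return tlv(0x30, tlv(0x30, fields) + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

Because the pin covers only the public key, a renewed certificate that reuses the same key pair yields the same value and needs no update.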