I'm communicating with my server from an iOS app via HTTPS, and would like to harden it a bit to mitigate risk of man in the middle attacks. Which are the best X.509 fields to verify to detect MITM attacks?
Would verifying the certificate's serial number and issuer signature be most effective? Assuming, of course, that my issuer is not in cahoots with Eve and that Eve has not stolen my issuer's signing key. Self signing would eliminate the first threat.
Would verifying the certificate's subject and issuer signature be almost as secure, but leave me with the flexibility of being able to renew the certificate?
