What would happen if I renew my server certificate and my application is doing certificate pinning?

0
votes

I have an application that performs requests to a server. The server has a certificate that is going to expire soon. My application is performing SSL pinning with certificates (not public keys).

Supposedly, they're going to renew the server certificate before it expires, but I'm not sure if that alone will suffice and my pinned certificates will still work (since the certificates are renewed, they claim those certificates will remain the same), or I have to forcefully change my certificates in the application in order to keep the pinning working.

Do I have to change my application certificates?

I've googled around, but I can't make a definitive assumption.

Thanks in advance.

1
iosswiftalamofirecertificate-pinning

1 Answers

2
votes

If you're pinning the leaf certificate, you will need to update your app with the new leaf certificate or pinning will fail. You can ship both the old and new certificates with the app at the same time and pinning should continue to work just fine.

If you're pinning the public key or one of the branch certificates, and you can verify those items aren't changing with the new certificate, you may not need to do anything.

Ultimately it's important to find out how pinning is currently being achieved (you tagged Alamofire, so I'm assuming you're using it) and how the new cert is being generated.