Official Content

Specifies SSL Pinning Pin Set values to validate HTTPS connection from devices to the server.

Scope

Generators: Android, Apple
Level: Front end

Description

The SSL Pinning Pin Set defines the server's public key hash (pin sha-256). The Android generator allows defining a single key hash, while the Apple generator requires at least 2 key hashes, separated by a comma (,). In both cases, having more than one hash configured is recommended.

If this property has a value, a Certificate pinning is performed by the device when it is connected to the server set in the Services URL property.

Certificate pinning is done by providing a set of certificates by hash of the public key (SubjectPublicKeyInfo of the X.509 certificate). A certificate chain is then valid only if the certificate chain contains at least one of the pinned public keys.

More Info:

OWASP Certificate and Public Key Pinning

 

Runtime/Design time

This property applies only at design-time.

Samples

For example, in the case of the server apps5.genexus.com the key hash is as follows:

"LjCcH/Lyd5M5T2ulEMxYhqS7JkgJmCzUf1fxoYzy5D4="

One key hash is always a 44-character long string.

How to apply changes

To apply the corresponding changes when the property value is configured, Build the Main Object.

Compatibility

Available for Apple as of Genexus 17 upgrade 1.

Availability

This property is available since GeneXus 16 upgrade 6.

See Also

OWASP Certificate and Public Key Pinning
Android Developer Security Certificate Pinning
Services URL property

Last update: February 2024 | © GeneXus. All rights reserved. GeneXus Powered by Globant