Specifies the SSL Pinning Pin Set values used to validate HTTPS connections from devices to the server.
Generators: Android, Apple
Level: Front end
The SSL Pinning Pin Set defines the server's public key hash (pin sha-256). The Android generator allows defining a single key hash, while the Apple generator requires at least 2 key hashes, separated by a comma (,). In both cases, having more than one hash configured is recommended.
If this property has a value, the device performs certificate pinning when it connects to the server set in the Services URL property.
Certificate pinning is done by providing a set of pins, each one the hash of a certificate's public key (the SubjectPublicKeyInfo of the X.509 certificate). A certificate chain is then valid only if it contains at least one of the pinned public keys.
More Info:
OWASP Certificate and Public Key Pinning
This property applies only at design-time.
For example, in the case of the server apps5.genexus.com the key hash is as follows:
"LjCcH/Lyd5M5T2ulEMxYhqS7JkgJmCzUf1fxoYzy5D4="
A key hash is always a 44-character string.
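The rules above as an added Python example (not GeneXus code and not part of the original page): it computes a pin from SubjectPublicKeyInfo bytes, validates a pin set value for each generator, and checks a chain against the set. The function names and the SPKI byte strings are constructed assumptions; only the apps5.genexus.com hash comes from the page.

```python
import base64
import binascii
import hashlib

# The page's example pin for apps5.genexus.com.
PAGE_PIN = "LjCcH/Lyd5M5T2ulEMxYhqS7JkgJmCzUf1fxoYzy5D4="

# Constructed stand-ins for DER SubjectPublicKeyInfo bytes (not real keys).
CURRENT_KEY = b"constructed-spki-current-server-key"
BACKUP_KEY = b"constructed-spki-backup-server-key"
UNKNOWN_KEY = b"constructed-spki-unpinned-key"

def spki_pin(spki_der: bytes) -> str:
    """Base64 of SHA-256 over the SPKI bytes: 32 bytes -> 44 characters."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")

def parse_pin_set(value: str, generator: str) -> list:
    """Split a comma-separated pin set and reject malformed values."""
    # Assumption: whitespace around commas is tolerated by this checker.
    pins = [p.strip() for p in value.split(",") if p.strip()]
    for pin in pins:
        try:
            raw = base64.b64decode(pin, validate=True)
        except (binascii.Error, ValueError) as exc:
            raise ValueError(f"not base64: {pin!r}") from exc
        if len(pin) != 44 or len(raw) != 32:
            raise ValueError(f"not a SHA-256 key hash: {pin!r}")
    minimum = 2 if generator == "apple" else 1  # minimums stated on the page
    if len(pins) < minimum:
        raise ValueError(f"{generator} needs at least {minimum} key hash(es)")
    return pins

def chain_is_pinned(chain_spkis, pins) -> bool:
    """A chain passes if any of its public keys hashes to a pinned value."""
    return any(spki_pin(spki) in pins for spki in chain_spkis)

if __name__ == "__main__":
    value = ",".join([spki_pin(CURRENT_KEY), spki_pin(BACKUP_KEY)])
    pins = parse_pin_set(value, "apple")
    print(chain_is_pinned([CURRENT_KEY], pins))   # server's current key
    print(chain_is_pinned([BACKUP_KEY], pins))    # after rotating to the backup
    print(chain_is_pinned([UNKNOWN_KEY], pins))   # key not in the pin set
```

The second check shows why more than one hash is recommended: with a backup key already pinned, the server key can be rotated without rebuilding the app first.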
To apply the corresponding changes when the property value is configured, Build the Main Object.
Available for Apple as of GeneXus 17 upgrade 1.
This property is available since GeneXus 16 upgrade 6.
OWASP Certificate and Public Key Pinning
Android Developer Security Certificate Pinning
Services URL property