Certificate Pinning in IBM MobileFirst Platform Foundation 7.1

New in IBM MobileFirst Platform Foundation 7.1 are several hardened security features.
One of these features is Certificate Pinning.

In the following video I begin by explaining the very basics of secure communication and one of its pitfalls, and how it can be addressed by using Certificate Pinning. The sample application used in the video can be downloaded from GitHub: https://github.com/IdanAdar/CertificatePinningProject

Support level

  • Certificate pinning is currently supported in Hybrid and Native applications for iOS and Android
  • Currently only one server certificate can be pinned at a time; multiple certificates are not supported

Sample application

You can download the sample application seen in the video from GitHub: https://github.com/IdanAdar/CertificatePinningProject

Using the sample

  1. Make sure to place the CA-signed certificate on the server and in the client application
  2. Make sure to point the client application to the same host that was used in the certificate
  3. Update the method in main.js with the name of your certificate
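
One way to write step 3 in main.js so that the app never connects without a pin in place (an added example, not the sample project's code). It assumes the 7.1 hybrid client calls WL.Client.pinTrustedCertificatePublicKey and WL.Client.connect; pinThenConnect, its report callback and the file name myCertificate.cer are hypothetical.

```javascript
// Added example for main.js; not the sample project's code.
// Assumes the MobileFirst 7.1 hybrid client calls
// WL.Client.pinTrustedCertificatePublicKey() and WL.Client.connect().
var PINNED_CERT = 'myCertificate.cer'; // placeholder: your certificate's file name

// Pins first, connects second. Fails closed: connect() is never reached
// unless the pin was installed. `report` is a hypothetical callback that
// receives { stage, ok, error }.
function pinThenConnect(client, certFile, report) {
  function fail(stage, err) {
    report({ stage: stage, ok: false, error: err });
  }

  var pending;
  try {
    pending = client.pinTrustedCertificatePublicKey(certFile);
  } catch (err) {
    // Covers a client that throws synchronously instead of rejecting.
    fail('pin', err);
    return;
  }

  // Two-argument then() rather than catch(), so any thenable works.
  pending.then(
    function () {
      client.connect({
        onSuccess: function () { report({ stage: 'connect', ok: true }); },
        // A server whose certificate does not match the pin is rejected,
        // so the mismatch shows up as a failed connection here.
        onFailure: function (err) { fail('connect', err); }
      });
    },
    function (err) { fail('pin', err); } // no fallback to an unpinned connection
  );
}

// Entry point the hybrid framework calls once the app has initialized.
function wlCommonInit() {
  pinThenConnect(WL.Client, PINNED_CERT, function (result) {
    WL.Logger.debug('certificate pinning: ' + JSON.stringify(result));
  });
}
```
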
Last modified on June 23, 2016