Certificate Pinning in IBM MobileFirst Platform Foundation 7.1
IBM MobileFirst Platform Foundation 7.1 introduces several hardened security features.
One of these features is Certificate Pinning.
In the following video I begin by explaining the very basics of secure communication and one of its pitfalls, and how it can be addressed by using Certificate Pinning. The sample application used in the video can be downloaded from GitHub: https://github.com/IdanAdar/CertificatePinningProject
- Certificate pinning is currently supported in Hybrid and Native applications for iOS and Android
- Currently only one server certificate is supported at a time; multiple certificates are not supported
- See the user documentation for the available APIs for Hybrid, native iOS and native Android.
- See the user documentation on setting up the truststore of your application server with the required CA-signed certificate.
You can download the sample application shown in the video from GitHub: https://github.com/IdanAdar/CertificatePinningProject
Using the sample
- Make sure to place the CA-signed certificate in the server and client application
- Make sure to point the client application to the same host that was used in the certificate
- Update the method in main.js with the name of your certificate
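
A pre-flight check for the three steps above, as an added example that is not part of the original post or the sample project: it confirms that the client bundle and the server hold the same certificate and that the certificate covers the host the client points at. It assumes `openssl` 1.1.1 or later is installed; the helper names, file names and `mfp.example.test` are hypothetical, and the certificates are throwaway self-signed ones generated for the demo, not CA-signed.

```sh
#!/bin/sh
# Added example: pre-flight check for the sample's setup steps.
# All file names and host names are constructed placeholders.
set -eu

# Emit the certificate as PEM whether the file is PEM or DER (.cer can be either).
as_pem() {
  openssl x509 -in "$1" 2>/dev/null || openssl x509 -inform DER -in "$1" 2>/dev/null
}

# SHA-256 fingerprint of the whole certificate.
cert_sha256() {
  pem=$(as_pem "$1") || return 1
  printf '%s\n' "$pem" | openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# True when the certificate is valid for the host the client will connect to.
cert_covers_host() {
  pem=$(as_pem "$1") || return 1
  printf '%s\n' "$pem" | openssl x509 -noout -checkhost "$2" | grep -q 'does match'
}

# check_pin_setup CLIENT_CERT SERVER_CERT HOST
check_pin_setup() {
  c=$(cert_sha256 "$1") || { echo "FAIL: cannot read client certificate $1"; return 2; }
  s=$(cert_sha256 "$2") || { echo "FAIL: cannot read server certificate $2"; return 2; }
  [ "$c" = "$s" ] || { echo "FAIL: client and server hold different certificates"; return 1; }
  cert_covers_host "$2" "$3" || { echo "FAIL: certificate is not issued for host $3"; return 1; }
  echo "OK: same certificate on both sides, issued for $3"
}

# --- constructed demo data: throwaway self-signed certificates ---
work=$(mktemp -d)
gen() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -addext "subjectAltName=DNS:$2" \
    -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}
gen server mfp.example.test
gen other mfp.example.test
# The copy bundled in the client app, stored as DER.
openssl x509 -in "$work/server.pem" -outform DER -out "$work/client.cer"

check_pin_setup "$work/client.cer" "$work/server.pem" mfp.example.test
check_pin_setup "$work/client.cer" "$work/other.pem" mfp.example.test || true
check_pin_setup "$work/client.cer" "$work/server.pem" localhost || true
```

The second and third calls fail on purpose: one compares against a different certificate issued for the same name, the other points the client at a host the certificate does not cover.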