SSL pinning at android client side for google cloud endpoints APIs
baqir rizvi
Feb 16, 2018, 12:01:00 AM
to Google App Engine
I want to protect my Google Cloud Endpoints APIs from man-in-the-middle attacks using SSL pinning through OkHttp CertificatePinner. Before I proceed, I have a few questions in mind:
Does Google change its server certificate along with CA certificates, i.e. renew the certificate from time to time?
Does Google notify us that it is going to renew the certificate?
Do we also need to update the pinned certificate on the client side whenever Google changes its certificates?
What is the best way to achieve that? Any other suggestion is welcome.
Yannick (Cloud Platform Support)
Feb 16, 2018, 4:19:25 PM
to google-a...@googlegroups.com
Hello Baqir,
Google frequently rotates leaf certificates and keys, and our intermediate and root may change at any time without notice.
If you wish to pin against a service that’s running on Google’s infrastructure, you must be serving with your own certificates. Once you are pinning against keys that you control, we may advise you that pinning is complex and dangerous, but you can fundamentally do what you choose.
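
Editor's added example, not code from either poster or from Google: one way to pin against keys you control with OkHttp's CertificatePinner, pinning the public key hash rather than the certificate so that a renewed certificate on the same key still matches. The host name `api.example.com`, the class and method names, the generated sample keys, and the practice of shipping a second (backup) pin are assumptions of this example.

```java
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.util.Base64;
import okhttp3.CertificatePinner;
import okhttp3.OkHttpClient;

public class OwnKeyPinning {
    // Assumption: placeholder for a custom domain served with your own certificate.
    static final String HOST = "api.example.com";

    // OkHttp pin format: "sha256/" + base64(SHA-256(DER SubjectPublicKeyInfo)).
    // PublicKey.getEncoded() returns the X.509 SubjectPublicKeyInfo encoding, so the
    // pin depends on the key only and survives certificate renewal with the same key.
    // Note: java.util.Base64 needs Android API 26+; on older devices use android.util.Base64.
    static String spkiPin(PublicKey key) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(key.getEncoded());
        return "sha256/" + Base64.getEncoder().encodeToString(digest);
    }

    // Builds a client that rejects any TLS chain for HOST that contains neither key.
    static OkHttpClient pinnedClient(String currentPin, String backupPin) {
        CertificatePinner pinner = new CertificatePinner.Builder()
                .add(HOST, currentPin) // key in the certificate you serve today
                .add(HOST, backupPin)  // spare key kept offline, ready for rotation
                .build();
        return new OkHttpClient.Builder().certificatePinner(pinner).build();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys standing in for your real serving key and spare key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        PublicKey current = gen.generateKeyPair().getPublic();
        PublicKey backup = gen.generateKeyPair().getPublic();

        String currentPin = spkiPin(current);
        String backupPin = spkiPin(backup);
        OkHttpClient client = pinnedClient(currentPin, backupPin);

        // No network call is made here; the pins are only printed for inspection.
        System.out.println("current pin: " + currentPin);
        System.out.println("backup pin:  " + backupPin);
        System.out.println("pins configured: " + client.certificatePinner().getPins().size());
    }
}
```

If both pinned keys are lost or retired before clients receive an app update with new pins, those clients can no longer connect, which is why the backup key is provisioned before it is needed.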