Tags: android, ssl, certificate-pinning, public-key-pinning

Certificate pinning Android with Retrofit


I am implementing SSL pinning in my app, and I use the leaf certificate (the one issued for my website) from the certificate hierarchy.

    // Pin format expected by OkHttp: "sha256/<base64 of the SHA-256 of the DER SubjectPublicKeyInfo>"
    val certificatePinner = CertificatePinner.Builder()
        .add(
            BuildConfig.DOMAIN,      // host pattern, e.g. "api.example.com"
            Constants.SHA256_HASH    // pin of the current leaf certificate
        )
        .build()

    // Keep the built client; the original chain discarded the result of build()
    val okHttpClient = okHttpClientBuilder
        .certificatePinner(certificatePinner)
        .build()

This works perfectly as long as the certificate remains the same, but the main problem is keeping the app up to date with the SHA256 hash, as the certificate expires every 3 months. If I miss updating the new SHA256 hash, the app stops working due to the certificate mismatch. Is there any way to avoid this situation? Thanks in advance.


Solution

  • Using the SHA hash of the root certificate solved my problem, as it has a longer life.
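As an added example (not code from the question or the answer), this Python model of OkHttp's CertificatePinner check shows why a leaf-only pin breaks at the 3-month renewal while a pin on the intermediate or root keeps matching. The host name and the Ed25519 public keys are constructed, not real.

```python
import base64
import hashlib
from typing import Iterable


def spki_pin(spki_der: bytes) -> str:
    """OkHttp pin format: "sha256/" + base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return "sha256/" + base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def host_matches(pattern: str, hostname: str) -> bool:
    """OkHttp host patterns: exact name, or "*.example.com" matching exactly one extra label."""
    if pattern.startswith("*."):
        suffix = pattern[1:]                                  # ".example.com"
        return hostname.endswith(suffix) and "." not in hostname[: -len(suffix)]
    return pattern == hostname


class Pinner:
    """Minimal model of CertificatePinner: a list of (host pattern, pin) entries."""

    def __init__(self) -> None:
        self.pins: list[tuple[str, str]] = []

    def add(self, pattern: str, *pins: str) -> "Pinner":
        self.pins.extend((pattern, p) for p in pins)
        return self

    def check(self, hostname: str, chain_spki: Iterable[bytes]) -> bool:
        """True if ANY certificate in the presented chain matches ANY pin for hostname.
        OkHttp throws SSLPeerUnverifiedException where this returns False."""
        wanted = {p for pat, p in self.pins if host_matches(pat, hostname)}
        if not wanted:
            return True                                       # host not pinned: no check
        return any(spki_pin(spki) in wanted for spki in chain_spki)


# Constructed sample keys: Ed25519 SPKI DER header followed by 32 arbitrary key bytes.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")
ROOT_SPKI = ED25519_SPKI_PREFIX + bytes(range(32))
INTERMEDIATE_SPKI = ED25519_SPKI_PREFIX + bytes(range(32, 64))
LEAF_SPKI_Q1 = ED25519_SPKI_PREFIX + bytes(range(64, 96))
LEAF_SPKI_Q2 = ED25519_SPKI_PREFIX + bytes(range(96, 128))  # leaf after the 3-month renewal
CHAIN_Q1 = [LEAF_SPKI_Q1, INTERMEDIATE_SPKI, ROOT_SPKI]     # chain before renewal
CHAIN_Q2 = [LEAF_SPKI_Q2, INTERMEDIATE_SPKI, ROOT_SPKI]     # chain after renewal


def leaf_only_pinner() -> Pinner:
    """The configuration from the question: only the current leaf is pinned."""
    return Pinner().add("api.example.com", spki_pin(LEAF_SPKI_Q1))


def layered_pinner() -> Pinner:
    """Leaf plus intermediate and root pins: a leaf renewal still matches."""
    return Pinner().add("api.example.com", spki_pin(LEAF_SPKI_Q1),
                        spki_pin(INTERMEDIATE_SPKI), spki_pin(ROOT_SPKI))
```

Pinning only the root accepts any certificate that CA issues for the host, so keeping the current leaf pin alongside an intermediate or root pin (and a backup key pin) is the usual compromise between rotation safety and the strength of the pin.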