SSL Pinning

Overview

SSL Pinning enhances the security of the overall HYPR ecosystem and prevents MITM (Man-In-The-Middle) attacks. Before any HTTPS communication occurs, the client checks that the server is one it trusts. After SSL Pinning is enabled, all subsequent registration, authentication, and de-registration requests are checked for a valid certificate: the client inspects the certificate the server presents and makes sure that the hash of the pinned certificate matches the hash of the server certificate before proceeding with any HTTPS request.

Prerequisites

Two different certificates are required for SSL Pinning to work. You can upload the certificates in the SSL Pinning section, located in the global Settings of the FIDO Control Center.

The Control Center supports certificates in the PEM format in Base64 ASCII. Only .pem, .crt, .cer file types can be uploaded to the Control Center.

🚧

Two SSL pins are required

The iOS app requires two SSL pins. Be sure to upload two certificates. Supported file types are .pem, .crt, and .cer.

Integration

Step 1. Upload SSL Pinning Certificates

Step 2. Clicking the SSL Pinning toggle button will display a pop-up where you can upload certificates.

Step 3. View after uploading the first certificate

📘

Certificates are required

If you are enabling SSL Pinning, be sure to upload two certificates. Uploading only one certificate will cause registration to fail.

Step 4. View after uploading two certificates

SSL Pinning Information

The SSL Pinning information table shows the following fields:

Certificate
    The file name of the certificate that was uploaded.

Valid From
    The date from which the certificate is valid.

Valid To
    The expiry date of the certificate.

Order
    Either primary or alternate. An admin can choose to make a certificate primary while uploading the second certificate. The primary certificate is the one used for pinning; the alternate can be used in place of the primary when the primary expires.

Status
    Either active or expired.

Actions
    An admin can click Delete to remove a certificate. Note that deletion does not revoke the certificate.

Disabling SSL Pinning

An admin can disable SSL Pinning by clicking the toggle button. A pop-up will appear asking you to confirm that you want to disable SSL Pinning.

❗️

Note

Once you click Disable, certificates will be removed and pinning will be disabled. This cannot be undone and you will be required to upload certificates again to enable SSL Pinning.

What happens if a certificate expires?

Currently, administrators can upload two certificates. If the primary expires, an admin can do either of the following:

  1. Make the alternate certificate the primary for SSL Pinning.
  2. Replace the primary with a new, valid certificate.
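The following Python example is added here to illustrate the client-side check described in the Overview and the primary/alternate and active/expired semantics of the SSL Pinning table; it is not HYPR's code and does not show how the HYPR SDK implements pinning. It computes a SHA-256 hash over the DER bytes of each uploaded PEM certificate, enforces the "exactly two certificates" rule, and accepts a server certificate only when its hash matches the active primary pin, or the active alternate pin once the primary has expired. The PEM blobs, file names and validity dates are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import hmac
from dataclasses import dataclass
from datetime import date


# Constructed placeholder "certificates" (NOT real X.509 data): PEM framing
# around arbitrary base64 payloads, enough to exercise the hash comparison.
# In a real deployment the pinned hash is taken from the uploaded certificate
# and compared with the certificate the server presents during the TLS handshake.
def fake_pem(payload: bytes) -> str:
    body = base64.encodebytes(payload).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"


PRIMARY_PEM = fake_pem(b"constructed-primary-cert-bytes")
ALTERNATE_PEM = fake_pem(b"constructed-alternate-cert-bytes")


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour and return the DER bytes (base64 body decoded)."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if lines[0] != "-----BEGIN CERTIFICATE-----" or lines[-1] != "-----END CERTIFICATE-----":
        raise ValueError("not a PEM certificate (expected .pem/.crt/.cer in Base64 ASCII)")
    return base64.b64decode("".join(lines[1:-1]), validate=True)


@dataclass
class Pin:
    certificate: str  # file name, as shown in the Control Center table
    sha256_hex: str   # SHA-256 of the DER-encoded certificate
    order: str        # "primary" or "alternate"
    valid_from: str   # ISO dates; constructed metadata for this example
    valid_to: str


def pin_from_pem(certificate: str, pem: str, order: str, valid_from: str, valid_to: str) -> Pin:
    digest = hashlib.sha256(pem_to_der(pem)).hexdigest()
    return Pin(certificate, digest, order, valid_from, valid_to)


def pin_status(pin: Pin, today: str) -> str:
    """'active' or 'expired', matching the Status column."""
    return "expired" if date.fromisoformat(today) > date.fromisoformat(pin.valid_to) else "active"


def enable_pinning(pins: list) -> list:
    """Mirror the Control Center rule: exactly two pins, one primary and one alternate."""
    if len(pins) != 2:
        raise ValueError("SSL Pinning requires exactly two certificates")
    if {p.order for p in pins} != {"primary", "alternate"}:
        raise ValueError("one certificate must be primary and the other alternate")
    return sorted(pins, key=lambda p: p.order != "primary")  # primary first


def enable_error(pins: list):
    """Return the validation error message, or None if pinning could be enabled."""
    try:
        enable_pinning(pins)
        return None
    except ValueError as exc:
        return str(exc)


def server_cert_allowed(server_der: bytes, pins: list, today: str) -> bool:
    """Client-side check before any HTTPS request: the hash of the presented
    server certificate must match the primary pin, or the alternate pin once
    the primary has expired. An expired pin never authorises a connection."""
    presented = hashlib.sha256(server_der).hexdigest()
    primary = next(p for p in pins if p.order == "primary")
    alternate = next(p for p in pins if p.order == "alternate")
    candidate = primary if pin_status(primary, today) == "active" else alternate
    return pin_status(candidate, today) == "active" and hmac.compare_digest(
        candidate.sha256_hex, presented
    )


# Constructed pin set: primary expires at the start of 2025, alternate a year later.
PINS = enable_pinning([
    pin_from_pem("hypr-primary.pem", PRIMARY_PEM, "primary", "2024-01-01", "2025-01-01"),
    pin_from_pem("hypr-alternate.crt", ALTERNATE_PEM, "alternate", "2024-01-01", "2026-01-01"),
])

if __name__ == "__main__":
    print(server_cert_allowed(b"constructed-primary-cert-bytes", PINS, "2024-06-01"))    # True
    print(server_cert_allowed(b"constructed-primary-cert-bytes", PINS, "2025-06-01"))    # False, primary expired
    print(server_cert_allowed(b"constructed-alternate-cert-bytes", PINS, "2025-06-01"))  # True, alternate takes over
    print(server_cert_allowed(b"unpinned-cert-bytes", PINS, "2024-06-01"))               # False
    print(enable_error([PINS[0]]))  # SSL Pinning requires exactly two certificates
```

The example uses hmac.compare_digest for the hash comparison so that the check does not leak timing information, and it models expiry from the Valid To date rather than parsing the certificate, since the placeholder blobs carry no real validity period.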

Updated 11 months ago
