I have a running Android application that implements Certificate Pinning with a SHA256 Pin. I use the https://www.ssllabs.com/ssltest tool to obtain that pin.
The current server certificate is about to expire, and a new certificate will be applied to the server. I need to generate the SHA256 Pin for the new certificate before it is applied to the server so that I can add it to the application and introduce it in an update.
I have the new certificate .crt file. Any idea how to generate the SHA256 key from the file? I have no access to the server, just the .crt file.
As per OkHttp's CertificatePinner documentation:
SHA-256 or SHA-1 hashes. Each pin is a hash of a certificate's Subject Public Key Info, base64-encoded and prefixed with either sha256/ or sha1/.
Try this command
openssl x509 -in my-certificate.crt -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
Then use
"sha256/" + ${output hash from the command line above}.
More commands you will find at the Public Key Pinning page at the Mozilla Developer Network
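As an independent cross-check of the openssl pipeline above, the following added example (not part of the original answer, and not OkHttp code) computes the same pin in Python using only the standard library. It walks the certificate's DER structure to the Subject Public Key Info and hashes it. The function names `read_tlv`, `cert_to_der` and `spki_pin` are this example's own.

```python
import base64
import hashlib
import re
import sys


def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length


def cert_to_der(data):
    """Accept a PEM or DER certificate (a .crt may be either); return DER."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  data, re.S)
    return base64.b64decode(m.group(1)) if m else data


def spki_pin(cert_bytes):
    """Return 'sha256/<base64>' over the certificate's SubjectPublicKeyInfo."""
    der = cert_to_der(cert_bytes)
    tag, pos, _ = read_tlv(der, 0)        # Certificate ::= SEQUENCE
    tag2, pos, _ = read_tlv(der, pos)     # tbsCertificate ::= SEQUENCE
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not an X.509 certificate")
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                       # optional [0] version (absent in v1)
        pos = end
    for _field in range(5):  # serialNumber, signature, issuer, validity, subject
        _, _, pos = read_tlv(der, pos)
    tag, _, end = read_tlv(der, pos)      # subjectPublicKeyInfo
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    digest = hashlib.sha256(der[pos:end]).digest()  # hash the whole SPKI TLV
    return "sha256/" + base64.b64encode(digest).decode("ascii")


if __name__ == "__main__" and len(sys.argv) == 2:
    with open(sys.argv[1], "rb") as f:
        print(spki_pin(f.read()))
```

Because the pin covers only the Subject Public Key Info, two certificates issued for the same key pair produce the same pin; the pin changes only when the key itself changes.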