J
Jeffrey Walton
Hi All,
Is anyone aware of techniques to pin a SSL/TLS Certificate in .Net?
Pinning is accepting *only* a known certificate (for example, a
certificate issued to Example.com *and* with thumb print NNNN...NNNN).
I found Jan Tielen's "Consuming Webservices over HTTPS (SSL)" (http://
weblogs.asp.net/jan/archive/2003/12/04/41154.aspx), which shows how to
use System.Net.ICertificatePolicy and CheckValidationResult on a
Mobile Client (I believe it will extend to desktops and servers). But
I'm not sure if its Microsoft's 'best practice' for pinning.
Jeff
Is anyone aware of techniques to pin a SSL/TLS Certificate in .Net?
Pinning is accepting *only* a known certificate (for example, a
certificate issued to Example.com *and* with thumb print NNNN...NNNN).
I found Jan Tielen's "Consuming Webservices over HTTPS (SSL)" (http://
weblogs.asp.net/jan/archive/2003/12/04/41154.aspx), which shows how to
use System.Net.ICertificatePolicy and CheckValidationResult on a
Mobile Client (I believe it will extend to desktops and servers). But
I'm not sure if its Microsoft's 'best practice' for pinning.
Jeff