UnderHost
Knowledgebase Docs

Certificate pinning: prevent man-in-the-middle attacks

Pin SSL certificates to prevent attackers from intercepting traffic with different certificates.


Certificate pinning restricts which certificates your app accepts. If an attacker intercepts traffic with a different (valid) certificate, your app rejects it.

Types of pinning

  • Certificate pinning: Pin specific certificate
  • Public key pinning: Pin public key (survives certificate renewal)
  • CA pinning: Pin the Certificate Authority

Implement pinning

Web via HPKP header

Public-Key-Pins: pin-sha256="ABC...="; max-age=2592000

Note that the HPKP specification (RFC 7469) requires at least two pin-sha256 values, one of them a backup pin for a key not yet in use, and that major browsers have since removed HPKP support, so the header no longer protects browser traffic. Pinning today is mainly a mobile and native-client technique.

Mobile apps (iOS/Android)

Use built-in certificate pinning in SDK or libraries.
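As an added example (not the article's or any SDK's own code), the Go program below uses only the standard library to compute the pin-sha256 value for a certificate's SubjectPublicKeyInfo and to apply a pin check of the kind a mobile or native client performs; the returned check function has the shape of Go's tls.Config.VerifyPeerCertificate callback. The certificates, the keys and the hostname example.test are constructed at runtime so the example runs offline. It also shows the point made above about public key pinning surviving renewal: a renewed certificate for the same key passes, while a valid-looking certificate for a different key is rejected.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// spkiPin returns the pin in the "pin-sha256" form used by HPKP and by mobile
// pinning libraries: base64(SHA-256(DER-encoded SubjectPublicKeyInfo)).
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// verifyPinned returns a function shaped like tls.Config.VerifyPeerCertificate:
// it receives the raw DER chain the peer presented and fails unless at least one
// certificate's public key matches a pinned value. Normal chain validation still
// runs first; pinning is an extra check on top of it, not a replacement.
func verifyPinned(pins []string) func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
	pinned := map[string]bool{}
	for _, p := range pins {
		pinned[p] = true
	}
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		for _, raw := range rawCerts {
			cert, err := x509.ParseCertificate(raw)
			if err != nil {
				return err
			}
			if pinned[spkiPin(cert)] {
				return nil
			}
		}
		return errors.New("certificate pinning: no presented certificate matches a pinned public key")
	}
}

// selfSigned builds a constructed self-signed certificate for the given key so
// the example needs no network or real CA. example.test is a placeholder name.
func selfSigned(key *ecdsa.PrivateKey, serial int64) []byte {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: "example.test"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return der
}

// Demo returns (renewedOK, otherKeyOK): whether a renewed certificate for the
// pinned key, and a certificate for a different key, pass the pin check.
func Demo() (bool, bool) {
	siteKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	original := selfSigned(siteKey, 1)
	cert, _ := x509.ParseCertificate(original)
	check := verifyPinned([]string{spkiPin(cert)}) // pin the site's public key

	renewed := selfSigned(siteKey, 2) // same key, new certificate: renewal case
	otherKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	other := selfSigned(otherKey, 3) // different key: an interposed certificate

	return check([][]byte{renewed}, nil) == nil, check([][]byte{other}, nil) == nil
}

func main() {
	renewedOK, otherKeyOK := Demo()
	fmt.Println("renewed certificate for pinned key accepted:", renewedOK)
	fmt.Println("certificate for a different key accepted:", otherKeyOK)
}
```

Pinning the SubjectPublicKeyInfo hash rather than the whole certificate is what lets the renewal case pass: the operator can rotate certificates freely as long as the key pair is kept, and only a key change (planned, with a backup pin shipped in advance) requires a client update.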

Risks and planning

  • ⚠️ Pinned certificates expire: have a renewal plan in place before they do
  • ⚠️ A wrong pin breaks the site for users
  • ⚠️ Test thoroughly before deploying

Certificate pinning is risky

Only use for high-security apps (banking, finance). Mistakes can permanently break access for users.
