Mobile app pinned a cert, expiry approaches, app breaks without update
Cert pinning hardcodes a specific certificate or public key in an app. It is strong against MitM, but if the certificate is rotated without a new pin already deployed, every installed app breaks. It is rarely used for modern web apps anymore, but still sometimes for mobile apps.
Try this first
1. Inventory whether pinning is active: native iOS/Android vendor app, or HPKP headers (deprecated for browsers, still possible).
2. If pinning is active: pin the public key (SPKI), not the full cert. A public key can survive rotations.
3. Pin at least two keys: the current one plus a backup not yet in use. That gives you margin on rotation.
4. Build a mobile update path: before swapping the cert, push an app update with the new pin. Only swap the cert after 95 percent adoption.
5. For browsers: HPKP is deprecated, use HSTS plus CT monitoring for similar protection without lockout risk.
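Steps 2 to 4 as an added Python example (not code from this page or from any vendor): it computes an SPKI pin from DER and shows that the pin survives a reissue on the same key while a key change needs the backup pin already shipped. The names `fake_cert` and `safe_to_swap` are hypothetical helpers, and the three sample certificates are constructed skeletons with the X.509 field order but placeholder contents, not real certificates.

```python
import base64
import hashlib

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, end)."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    return tag, start, start + length

def spki_pin(cert_der):
    """base64(SHA-256(SubjectPublicKeyInfo)) of a DER-encoded certificate."""
    _, pos, _ = tlv(cert_der, 0)        # outer Certificate SEQUENCE
    _, pos, _ = tlv(cert_der, pos)      # tbsCertificate SEQUENCE
    tag, _, end = tlv(cert_der, pos)
    if tag == 0xA0:                     # optional [0] version field
        pos = end
    for _ in range(5):                  # serial, sigAlg, issuer, validity, subject
        _, _, pos = tlv(cert_der, pos)
    _, _, end = tlv(cert_der, pos)      # subjectPublicKeyInfo, header included
    return base64.b64encode(hashlib.sha256(cert_der[pos:end]).digest()).decode()

def safe_to_swap(shipped_pins, new_cert_der, adoption):
    """Swap only if shipped apps already pin the new key and adoption >= 95%."""
    return spki_pin(new_cert_der) in shipped_pins and adoption >= 0.95

def der(tag, body):
    """Encode one DER element (used only to build the constructed samples)."""
    n = len(body)
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(lb)]) + lb) + body

def fake_cert(serial, spki):
    """Constructed certificate skeleton: right field order, placeholder contents."""
    empty = der(0x30, b"")
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + empty * 4 + spki)
    return der(0x30, tbs + empty + der(0x03, b"\x00"))

KEY_A = der(0x30, der(0x03, b"\x00" + b"A" * 160))  # constructed SPKI, not a real key
KEY_B = der(0x30, der(0x03, b"\x00" + b"B" * 160))  # constructed backup key
CERT_OLD = fake_cert(1, KEY_A)      # expiring certificate
CERT_RENEWED = fake_cert(2, KEY_A)  # reissued on the same key pair
CERT_ROTATED = fake_cert(3, KEY_B)  # reissued on the backup key

if __name__ == "__main__":
    pins = {spki_pin(CERT_OLD), spki_pin(CERT_ROTATED)}  # current + backup pin
    for name, cert in [("renewed", CERT_RENEWED), ("rotated", CERT_ROTATED)]:
        print(name, spki_pin(cert), safe_to_swap(pins, cert, 0.97))
```

`spki_pin` follows the standard tbsCertificate layout, so it can also be fed the DER bytes of a real certificate to cross-check the pin values compiled into an app.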
When to bring us in
If you have a mobile app with pinning and a cert expiry within 30 days, we can plan the rotation before the app goes dark.