

Definition

Certificate pinning means an app ships with (or learns on first use) the specific certificate, or more commonly the public key or a hash of it, that a service is expected to present, and rejects any TLS connection where the server presents something else, even a certificate that chains correctly to a CA the operating system trusts.

In plain English

Only trusting specific certificates for a service.

Why this matters

Ordinary TLS validation trusts any certificate issued by any CA in the device's trust store. Pinning removes that dependency: a certificate mis-issued by a compromised or rogue CA, or one minted by an interception proxy whose root has been installed on the device, is rejected even though the platform would accept it, which blocks a class of man-in-the-middle attacks. The cost is operational. If the server key is rotated, or the certificate is replaced by one with a different key, before the app's pin set is updated, every client stops connecting. Pinning the public key rather than the whole certificate and pinning at least one backup key that is kept offline reduce that risk, but they do not remove the need to plan rotation.

Example

Example: A banking app pins the public key of its API server (typically as the SHA-256 hash of the certificate's SubjectPublicKeyInfo). A connection that presents any other key, including one signed by a trusted CA, is refused.
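The following Go program is an added example, not code from the original page, showing what the definition and the banking-app example describe in working form: a pin set containing the live server key plus one offline backup key, and a verifier of the kind installed in `tls.Config.VerifyPeerCertificate`. To run offline it generates its own keys and self-signed certificates for the hypothetical host `api.example.test`; in a real app the pin values would be computed from the production key and compiled into the client. Only the key matters to the pin, so a renewed certificate for the same key still passes while a certificate for a foreign key is rejected.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// host is a hypothetical API hostname used for the generated certificates.
const host = "api.example.test"

// pinFromSPKI hashes a DER-encoded SubjectPublicKeyInfo the way HPKP and most
// mobile pinning libraries do: base64(SHA-256(SPKI)). Pinning the key rather
// than the whole certificate lets the operator renew the certificate (new
// serial, new expiry, even a different CA) without changing the pin.
func pinFromSPKI(spkiDER []byte) string {
	sum := sha256.Sum256(spkiDER)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// pinFromCert extracts the pin from a parsed certificate.
func pinFromCert(cert *x509.Certificate) string {
	return pinFromSPKI(cert.RawSubjectPublicKeyInfo)
}

// pinFromPublicKey computes the pin for a key that has no certificate yet,
// which is how a backup pin is produced from an offline spare key.
func pinFromPublicKey(pub interface{}) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	return pinFromSPKI(der), nil
}

// pinVerifier builds a callback with the signature tls.Config.VerifyPeerCertificate
// expects. It accepts the handshake only if some certificate in the chain the server
// sent (leaf first) matches a pin. Go runs this after normal chain and hostname
// validation, so the pin narrows the trusted keys rather than replacing CA checks.
func pinVerifier(pins map[string]bool) func([][]byte, [][]*x509.Certificate) error {
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		for _, raw := range rawCerts {
			cert, err := x509.ParseCertificate(raw)
			if err != nil {
				return err
			}
			if pins[pinFromCert(cert)] {
				return nil
			}
		}
		return errors.New("certificate pinning: no certificate in the chain matches a pinned SPKI hash")
	}
}

// newKey generates a P-256 key; generation only fails if the system RNG does.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// selfSignedCert issues a self-signed certificate for host with the given key and
// serial. It stands in for a CA-issued server certificate so the example runs offline.
func selfSignedCert(key *ecdsa.PrivateKey, serial int64) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// demo exercises the three cases a pin set has to get right: the pinned key, a
// renewed certificate for the same key, and a certificate for a foreign key such
// as one minted by an interception proxy or a mis-issuing CA. It returns whether
// each was accepted.
func demo() (legitOK, renewedOK, foreignOK bool) {
	serverKey, backupKey, foreignKey := newKey(), newKey(), newKey()
	backupPin, err := pinFromPublicKey(&backupKey.PublicKey) // backup key stays offline
	if err != nil {
		panic(err)
	}
	legit, err1 := selfSignedCert(serverKey, 1)
	renewed, err2 := selfSignedCert(serverKey, 2) // same key, new certificate
	foreign, err3 := selfSignedCert(foreignKey, 3)
	if err1 != nil || err2 != nil || err3 != nil {
		panic("certificate generation failed")
	}
	// The pin set shipped in the app: live key plus one backup, so the key can be
	// rotated to the backup without an app update bricking every client.
	verify := pinVerifier(map[string]bool{pinFromCert(legit): true, backupPin: true})
	legitOK = verify([][]byte{legit.Raw}, nil) == nil
	renewedOK = verify([][]byte{renewed.Raw}, nil) == nil
	foreignOK = verify([][]byte{foreign.Raw}, nil) == nil
	return
}

func main() {
	l, r, f := demo()
	fmt.Printf("pinned key accepted: %v\nrenewed cert, same key: %v\nforeign key accepted: %v\n", l, r, f)
}
```

To use the verifier in a real client, set `VerifyPeerCertificate: pinVerifier(pins)` on the `tls.Config` and leave `InsecureSkipVerify` false, so the callback adds to, rather than replaces, CA and hostname validation.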