SSL pinning in Android: Using public certificate and BKS file

Step 1: Obtain your Public Key certificate

Step 2: Create a BKS file

SSL Pinning: Pin 2 different certificates into same BKS file

Step 3: Apply SSL pinning to OkHttp Client

  • Context
  • BKS file
  • BKS password (which you type in the command line)
// Build the pinner from the context, the BKS raw resource and the BKS password
RawCertificatePinner rawCertificatePinner =
        new RawCertificatePinner(context, R.raw.mycertificate, "mypassword");
OkHttpClient.Builder builder = new OkHttpClient.Builder();
// Attach the pinned trust store to the OkHttp builder
builder = rawCertificatePinner.pinCertificate(builder);
return new Retrofit.Builder()
        .client(builder.build())
        ...
        .build();

Summary

  • Collect your public key/keys from your security guy or browser
  • Create BKS file using command line (With Bouncy Castle Provider)
  • Add BKS file to your res/raw folder
  • Create RawCertificatePinner instance
  • Attach the RawCertificatePinner instance to your OkHttp client.
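As an added illustration of what the steps above amount to (this is not the article's RawCertificatePinner nor any library's code; the class name BksPinner, the constructor parameters and the use of char[] for the password are assumptions), here is a minimal pinner that loads a BKS keystore from res/raw and makes an OkHttp client trust only the certificates stored in it:

```java
import android.content.Context;

import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

import okhttp3.OkHttpClient;

/** Illustrative pinner (hypothetical, not the article's class): trusts only the
 *  certificates contained in a BKS keystore shipped in res/raw. */
public final class BksPinner {
    private final X509TrustManager trustManager;

    public BksPinner(Context context, int rawResId, char[] password) throws Exception {
        // "BKS" is the Bouncy Castle keystore type created on the command line in Step 2.
        KeyStore keyStore = KeyStore.getInstance("BKS");
        try (InputStream in = context.getResources().openRawResource(rawResId)) {
            keyStore.load(in, password); // the password typed when the BKS was created
        }
        // A TrustManagerFactory initialised from this keystore trusts ONLY the pinned
        // certificates; the device's system CA store is not consulted for this client.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);
        TrustManager[] tms = tmf.getTrustManagers();
        if (tms.length != 1 || !(tms[0] instanceof X509TrustManager)) {
            throw new IllegalStateException(
                    "Unexpected trust managers: " + Arrays.toString(tms));
        }
        trustManager = (X509TrustManager) tms[0];
    }

    /** Attach the pinned trust store to an OkHttp builder. */
    public OkHttpClient.Builder pin(OkHttpClient.Builder builder) throws Exception {
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, new TrustManager[] {trustManager}, null);
        // OkHttp wants the X509TrustManager passed alongside the socket factory.
        return builder.sslSocketFactory(sslContext.getSocketFactory(), trustManager);
    }
}
```

Because every certificate in the keystore is trusted, putting both the current and the next server certificate into the same BKS (as in the "Pin 2 different certificates" step) lets the server rotate its certificate without an app update breaking connectivity.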
