I'd like to suggest implementing certificate pinning by adding additional (MDM) configuration parameters:
-
connection.allow-only-certificate-fingerprints: a list of SHA256 certificate fingerprints. If present, only connections to servers whose certificate SHA256 fingerprint is present in the list will be made. All other connections will be canceled.
-
connection.allow-only-public-key-fingerprints: a list of SHA256 fingerprints of certificate public keys. If present, only connections to servers whose certificate's public key SHA256 fingerprint is present in the list will be made. All other connections will be canceled.
I'd like to suggest implementing certificate pinning by adding additional (MDM) configuration parameters:
connection.allow-only-certificate-fingerprints: a list of SHA256 certificate fingerprints. If present, only connections to servers whose certificate SHA256 fingerprint is present in the list will be made. All other connections will be canceled.connection.allow-only-public-key-fingerprints: a list of SHA256 fingerprints of certificate public keys. If present, only connections to servers whose certificate's public key SHA256 fingerprint is present in the list will be made. All other connections will be canceled.