WARNING: This server is unstable and will be retired in the next days.
If you want to keep this forum available, please request immediately a migration
on the Nabble Support forum.
Forums that don't receive any migration request will be deleted forever.
On Sat, Jul 7, 2012 at 2:27 PM, <proper@...> wrote:
> is it possible to sign a foreign SSL public key without having CSR/private key?
> Because the public root CA's failed at least twice (DigiNotar, Comodo), I'd like to pin a SSL certificate from a website I have no control over. (Therefore I no access the the private key and can subsequently also not create a CSR.) Pin the SSL cert by using a local self signed CA.
Sorry to dig up an old topic.
"Essentially, this circumvention technique relies
on installing certificates for a fake in-app purchase
server as well as a custom DNS server," writes
ZDNet's Emil Protalinski. "The latter's IP address
is then mapped to the former, which in turn allows
all 'purchases' to go through.
PKI and DNS are complicit here, also. I'm not sure if Apple exposes
any pinning functionality in their StoreKit API.