What is SSL Pinning?

Turkish: SSL Pinning

SSL pinning makes a mobile app trust only an expected certificate or public key, reducing man-in-the-middle risk.

What is SSL Pinning?

SSL pinning makes an application verify the server’s TLS certificate not only against the operating system trust store, but also against a certificate or public key value embedded in the app. If the presented value does not match any expected pin, the app rejects the connection.

This adds protection in mobile scenarios where a malicious root certificate is installed on the device or traffic is intercepted through a proxy. SSL/TLS still provides the base encrypted channel; pinning adds a rule that the app must trust only specific server identities.

When to Use It

Pinning is considered for banking, wallet, healthcare, enterprise messaging, and other high-sensitivity mobile-first applications. It also carries operational cost. If certificate renewal, intermediate certificate changes, or CDN migration are not planned carefully, the app may fail to connect for real users.

For that reason, teams often pin the public key (the SubjectPublicKeyInfo) instead of the whole certificate, keep backup pins for a spare key, and roll out pin changes gradually. SSL pinning does not fix weak API authentication or poor key storage; it should be designed as one layer of a broader mobile security model.
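The following added example (not code from the page or from any particular mobile library) shows the pin check itself in Python: it pulls the SubjectPublicKeyInfo out of a DER certificate with a minimal ASN.1 walker, hashes it into the `sha256/<base64>` pin string that OkHttp's CertificatePinner and the old HPKP header use, and compares it against a pinned set holding a primary and a backup pin. The certificates are constructed stand-ins with placeholder names and a dummy signature, built only so the example runs offline; a real check would receive the DER bytes from the TLS handshake (for example `ssl.SSLSocket.getpeercert(binary_form=True)`). The demo also shows why the text recommends key pins over certificate pins: a renewed certificate for the same key still matches the SPKI pin but not a whole-certificate hash.

```python
import base64
import hashlib

SEQ = 0x30  # ASN.1 SEQUENCE tag


def der_tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER tag-length-value (definite length form)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def der_read(buf: bytes, pos: int):
    """Read one TLV starting at pos; return (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long form: next (first & 0x7F) bytes hold the length
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def make_spki(raw_key: bytes) -> bytes:
    """Constructed SubjectPublicKeyInfo: Ed25519 AlgorithmIdentifier + BIT STRING key."""
    alg = der_tlv(SEQ, der_tlv(0x06, bytes.fromhex("2b6570")))  # OID 1.3.101.112
    return der_tlv(SEQ, alg + der_tlv(0x03, b"\x00" + raw_key))


def build_fake_cert(spki: bytes, serial: int) -> bytes:
    """Constructed stand-in for an X.509 certificate (assumption: only the RFC 5280
    field order matters here; names are empty and the signature is dummy bytes)."""
    version = der_tlv(0xA0, der_tlv(0x02, b"\x02"))  # [0] EXPLICIT INTEGER 2 (v3)
    serial_der = der_tlv(0x02, serial.to_bytes(4, "big"))
    sig_alg = der_tlv(SEQ, der_tlv(0x06, bytes.fromhex("2a864886f70d01010b")))
    empty_name = der_tlv(SEQ, b"")
    validity = der_tlv(SEQ, der_tlv(0x17, b"240101000000Z") + der_tlv(0x17, b"250101000000Z"))
    tbs = der_tlv(SEQ, version + serial_der + sig_alg + empty_name + validity + empty_name + spki)
    signature = der_tlv(0x03, b"\x00" * 33)  # placeholder, never verified here
    return der_tlv(SEQ, tbs + sig_alg + signature)


def extract_spki(cert_der: bytes) -> bytes:
    """Walk Certificate -> tbsCertificate and return the raw SPKI TLV bytes."""
    _, cert_body, _ = der_read(cert_der, 0)
    _, tbs, _ = der_read(cert_body, 0)
    tag, _, pos = der_read(tbs, 0)
    if tag == 0xA0:                       # optional version present: skip serialNumber too
        _, _, pos = der_read(tbs, pos)
    for _ in range(4):                    # signature, issuer, validity, subject
        _, _, pos = der_read(tbs, pos)
    start = pos
    _, _, end = der_read(tbs, pos)        # subjectPublicKeyInfo
    return tbs[start:end]


def spki_pin(cert_der: bytes) -> str:
    """Pin string in the sha256/<base64 SPKI digest> form."""
    return "sha256/" + base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()


def cert_pin(cert_der: bytes) -> str:
    """Whole-certificate hash pin, shown only to contrast with the SPKI pin."""
    return "sha256/" + base64.b64encode(hashlib.sha256(cert_der).digest()).decode()


def check_pins(cert_der: bytes, pinned: set) -> bool:
    """Accept the server only if its SPKI pin is in the app's pinned set."""
    return spki_pin(cert_der) in pinned


def demo() -> dict:
    key_a, key_b = bytes(range(32)), bytes(range(32, 64))   # constructed key bytes
    cert_v1 = build_fake_cert(make_spki(key_a), serial=1)
    cert_v2 = build_fake_cert(make_spki(key_a), serial=2)   # renewed cert, same key
    backup = build_fake_cert(make_spki(key_b), serial=99)   # spare key held offline
    pinned = {spki_pin(cert_v1), spki_pin(backup)}          # primary + backup pin
    return {
        "spki_pin_survives_renewal": check_pins(cert_v2, pinned),
        "cert_hash_pin_survives_renewal": cert_pin(cert_v2) == cert_pin(cert_v1),
        "rotation_to_backup_key_accepted": check_pins(build_fake_cert(make_spki(key_b), 3), pinned),
        "unknown_key_rejected": not check_pins(build_fake_cert(make_spki(bytes(32)), 4), pinned),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The pinned set is what would ship inside the app; because the backup pin belongs to a key that is not yet deployed, the team can rotate to it without a forced app update, which is the operational safety net the text describes.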