Certificate Pinning - CI/CD Glossary Definition
Certificate pinning is hard-coding the expected certificate or public key of a server in a client, so the client rejects any other certificate even if it is signed by a trusted CA. It defends against rogue or compromised certificate authorities.
Trade-off
Pinning blocks man-in-the-middle attacks via fraudulent certificates, but a pinned certificate that expires or rotates without a client update breaks connectivity, so pins must be managed alongside rotation.
Related guides
Mutual TLS (mTLS) - CI/CD Glossary DefinitionMutual TLS (mTLS): Mutual TLS is TLS in which both the client and the server present and verify certificates,…
TLS Termination - CI/CD Glossary DefinitionTLS Termination: TLS termination is decrypting incoming HTTPS traffic at a load balancer or reverse proxy, so…
Key Rotation - CI/CD Glossary DefinitionKey Rotation: Key rotation is replacing cryptographic keys or credentials on a schedule or after suspected ex…