Do Not Pin the Apigee “Use built-in free trial” certificate to your Apps

Certificate pinning ensures that your clients and applications only establish TLS connections with a server presenting a specific certificate: the client refuses the connection unless the certificate it is shown matches the one it expects. This can be useful in situations where clients may be at risk of trusting certificate authorities they shouldn’t. But if not used carefully, it can cause connectivity issues between apps and endpoints.

For security reasons Apigee rotates the “built-in free trial” certificate every 90 days. This means that any mobile app that pins this certificate and has already gone through the Android Play Store or iOS App Store approval process could lose connectivity to your proxy endpoints until it can be updated, a process that typically takes time and requires further approvals.
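As an added example that is not part of the original article, the following shell script computes the SPKI SHA-256 pin of a certificate (the value mobile pin sets carry) and checks a served certificate against a stored pin, using two constructed self-signed certificates to stand in for the trial certificate before and after a rotation. It assumes only the openssl command-line tool is installed; the host name in the certificates is a made-up placeholder.

```shell
#!/bin/sh
# Added example, not code from the Apigee article. Requires the openssl CLI.
set -e

# spki_pin <cert.pem>: print base64(SHA-256(SubjectPublicKeyInfo DER)),
# the pin format used by Android network security config and iOS pin sets.
spki_pin() {
  openssl x509 -in "$1" -pubkey -noout \
    | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 -binary \
    | openssl base64 -A
}

# check_pin <cert.pem> <expected_pin>: exit 0 if the served cert matches
# the pin baked into the app, 1 otherwise (the app would refuse to connect).
check_pin() {
  [ "$(spki_pin "$1")" = "$2" ]
}

# make_cert <dir> <cn>: constructed self-signed certificate with a fresh key
# pair, standing in for the trial certificate at one rotation epoch.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
    -subj "/CN=$2" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Walk through one rotation: the pin shipped in the app is computed from
# the epoch-1 certificate; after rotation the server presents a new key.
demo() {
  work=$(mktemp -d)
  mkdir "$work/epoch1" "$work/epoch2"
  make_cert "$work/epoch1" "example-org-test.apigee.net"   # placeholder host
  make_cert "$work/epoch2" "example-org-test.apigee.net"   # rotated key pair
  pinned=$(spki_pin "$work/epoch1/cert.pem")               # value in the app
  echo "pinned SPKI hash: $pinned"
  if check_pin "$work/epoch1/cert.pem" "$pinned"; then
    echo "day 1: served certificate matches pin, connection allowed"
  fi
  if ! check_pin "$work/epoch2/cert.pem" "$pinned"; then
    echo "day 91: served certificate does not match pin, app cannot connect"
  fi
  rm -rf "$work"
}

demo
```

Running spki_pin against the certificate your gateway actually serves, on a schedule, gives an early warning that a pinned certificate has rotated before users report outages.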

Furthermore, just as a reminder, these certificates are owned and controlled by Apigee. They are meant for use with *.apigee.net domains. For production environments, we strongly recommend that your organization use its own certificates, for domains it controls. And for certificate pinning it is absolutely crucial that your organization use its own certificates (for anything outside of testing).

https://docs.apigee.com/api-platform/fundamentals/faq-configuring-virtual-hosts-edge-cloud#caniupdat...

https://docs.apigee.com/api-platform/fundamentals/configuring-virtual-hosts-cloud#creatingavirtualho...

Last update: 08-22-2020 12:59 AM