TLS certificate renewal

Recently we faced an issue when Cloudflare updated its universal certificate, causing our mobile app to fail as it was using certificate pinning.

My question: Is there a way to ensure the public key of the Cloudflare cert does not change when the certificate is renewed (either universal, advanced or custom certificate)?

I did look into the certificate transparency option but I believe the success of that depends on the participating CAs, browsers etc. Also, as I understand, there is operational overhead too to monitor the logs?

Hey there,

Unfortunately Cloudflare doesn’t actually support Certificate pinning - you can view this here: Certificate pinning · Cloudflare SSL/TLS docs

As for keeping public keys the same - unfortunately this can’t be done for Universal or Advanced certificates.

However, you may wish to look at a Business plan and Custom Certificates - as depending on the vendor there is a possibility to maintain the same public key - but you will have to manage the certificate renewals yourself: Custom certificates · Cloudflare SSL/TLS docs
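As an added example (not part of the original posts and not Cloudflare's tooling): the sketch below shows why reusing the private key at renewal, which is only possible when you manage a custom certificate yourself, keeps a public-key (SPKI) pin stable while the certificate itself changes. Self-signed certificates stand in for CA-issued ones, and the file names and `app.example.com` are constructed placeholders.

```bash
#!/bin/sh
# Added example: SPKI pin stability across renewals. Requires the openssl CLI.
# All keys and certificates are generated locally in a temp dir (constructed data).

# Base64 SHA-256 of the certificate's SubjectPublicKeyInfo: the value an app pins.
spki_pin() {
  openssl x509 -in "$1" -noout -pubkey \
    | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 -binary \
    | openssl base64
}

# SHA-256 fingerprint of the whole certificate (changes on every issuance).
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Self-signed stand-in for "CA signs a CSR made from this key".
# $1 = private key file, $2 = output certificate file.
issue_cert() {
  openssl req -new -x509 -key "$1" -subj "/CN=app.example.com" \
    -days 90 -out "$2" 2>/dev/null
}

new_key() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$1" 2>/dev/null
}

demo() {
  _d=$(mktemp -d) || return 1
  new_key "$_d/site.key"
  issue_cert "$_d/site.key" "$_d/original.pem"     # first issuance
  issue_cert "$_d/site.key" "$_d/renewed.pem"      # renewal, same key reused
  new_key "$_d/rotated.key"
  issue_cert "$_d/rotated.key" "$_d/rotated.pem"   # renewal with a fresh key
  PIN_ORIGINAL=$(spki_pin "$_d/original.pem")
  PIN_RENEWED=$(spki_pin "$_d/renewed.pem")
  PIN_ROTATED=$(spki_pin "$_d/rotated.pem")
  FP_ORIGINAL=$(cert_fingerprint "$_d/original.pem")
  FP_RENEWED=$(cert_fingerprint "$_d/renewed.pem")
  rm -rf "$_d"
}

demo
echo "original pin:          $PIN_ORIGINAL"
echo "renewed (same key):    $PIN_RENEWED"
echo "renewed (rotated key): $PIN_ROTATED"
```

Running `spki_pin` against the new certificate before deploying it, and comparing the result with the pin shipped in the app, catches a key change before clients start failing.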
