{"id":244,"date":"2026-03-06T03:29:02","date_gmt":"2026-03-06T03:29:02","guid":{"rendered":"https:\/\/shadowboat.app\/lancexapp\/?p=244"},"modified":"2026-03-10T10:08:13","modified_gmt":"2026-03-10T10:08:13","slug":"certificate-pinning","status":"publish","type":"post","link":"https:\/\/shadowboat.app\/lancexapp\/certificate-pinning\/","title":{"rendered":"Certificate Pinning"},"content":{"rendered":"\n<div class=\"wp-block-jetpack-markdown\"><p><strong>Certificate Pinning<\/strong> lets you specify one or more SHA\u2011256 fingerprints of certificates that must appear in the server\u2019s TLS chain.\nLanceX can pin either the leaf certificate or a CA certificate (intermediate or root) present in the verified chain.<\/p>\n<h2>The Hash (either of them is supported)<\/h2>\n<ol>\n<li>It can be computed over the certificate\u2019s DER bytes (the exact ASN.1 encoding in <code>x509.Certificate.Raw<\/code>).<\/li>\n<li>It is the same as <a href=\"https:\/\/en.wikipedia.org\/wiki\/HTTP_Public_Key_Pinning\">HPKP<\/a>\u2019s algorithm, which is computed over the public key information.<\/li>\n<\/ol>\n<h2>Mechanism<\/h2>\n<ol>\n<li>If the hash matches the leaf certificate, it will be accepted immediately.<\/li>\n<li>If the hash matches a root or intermediate certificate, the application will verify all certificates between it and the leaf.<\/li>\n<\/ol>\n<\/div>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-244","post","type-post","status-publish","format-standard","hentry","category-usage"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/shadowboat.app\/lancexapp\/wp-json\/wp\/v2\/posts\/244","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/shadowboat.app\/lancexapp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/shadowboat.app\/lancexapp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/shadowboat.app\/lancexapp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/shadowboat.app\/lancexapp\/wp-json\/wp\/v2\/comments?post=244"}],"version-history":[{"count":3,"href":"https:\/\/shadowboat.app\/lancexapp\/wp-json\/wp\/v2\/posts\/244\/revisions"}],"predecessor-version":[{"id":248,"href":"https:\/\/shadowboat.app\/lancexapp\/wp-json\/wp\/v2\/posts\/244\/revisions\/248"}],"wp:attachment":[{"href":"https:\/\/shadowboat.app\/lancexapp\/wp-json\/wp\/v2\/media?parent=244"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/shadowboat.app\/lancexapp\/wp-json\/wp\/v2\/categories?post=244"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/shadowboat.app\/lancexapp\/wp-json\/wp\/v2\/tags?post=244"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}