Certificate Pinning adds security on top of the SSL protocol commonly used by mobile apps. It helps prevent certificate hijacking and mitigates the impact of compromised certificate authorities. With Certificate Pinning, the app performs an additional validation of the server’s certificate.

In order to use Certificate Pinning, the brand will need to go through an on-boarding process. This process includes setting up the Vanity URL feature, which is a prerequisite to using Certificate Pinning. The on-boarding process includes the following steps:

  • Requesting the feature from the account team.

  • Filling in the Vanity URL feature request form.

  • Purchasing a SAN certificate according to a CSR which will be provided by the account team.

  • Providing the purchased certificate to LivePerson.

  • LivePerson internal configuration.

The duration of the on-boarding process is determined by LivePerson's SLA.

Using the feature

Using the described functionality without having the feature configured will result in failures while trying to communicate with LivePerson’s servers.

In order to add the feature on Android you need to add the public keys with associated domains to the SDK:

  1. The brand should extract the public keys of the SAN certificate that was provided to LivePerson.
  2. The keys with domains should be added to the object of class LPAuthenticationParams.

Multiple keys can be added. As long as one of the provided keys matches the returned key, the connection will be initiated.
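For step 1, one way to derive a pin value from the certificate file with OpenSSL. This is an added example, not LivePerson's own tooling: it assumes the pinning key is the base64 SHA-256 hash of the certificate's SubjectPublicKeyInfo (confirm the expected format with LivePerson), and the function names and the throwaway certificate are constructed for illustration.

```shell
#!/bin/sh
# ASSUMPTION: pin = base64(SHA-256(DER SubjectPublicKeyInfo)).
# Confirm the format the SDK expects before shipping a value.

# spki_pin CERT_PEM
# Prints the pin for the first certificate in the given PEM file.
spki_pin() {
    pin_cert="$1"
    if [ ! -r "$pin_cert" ]; then
        echo "spki_pin: cannot read $pin_cert" >&2
        return 1
    fi
    # Extract the key first so a parse failure cannot end up as the
    # hash of empty input further down the pipeline.
    pin_pub=$(openssl x509 -in "$pin_cert" -noout -pubkey) || return 1
    [ -n "$pin_pub" ] || return 1
    printf '%s\n' "$pin_pub" \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -binary \
        | openssl base64
}

# pin_in_set PIN CONFIGURED_PIN...
# Succeeds if PIN equals any configured pin, mirroring the rule that
# any one of several added keys may match. Useful before a certificate
# renewal to check the new key is already pinned in released app builds.
pin_in_set() {
    wanted_pin="$1"
    shift
    for configured_pin in "$@"; do
        if [ "$configured_pin" = "$wanted_pin" ]; then
            return 0
        fi
    done
    return 1
}

# make_constructed_cert DIR
# Writes a throwaway self-signed certificate and key (constructed
# sample input, CN=chat.example.test) so the functions run offline.
make_constructed_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=chat.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}
```

Because the pin is derived from the public key rather than the whole certificate, it stays the same when the certificate is reissued from the same key pair and changes only when the key changes.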

Code sample

void launchWithCerPinKeys() {
    ConversationViewParams conversationParams = new ConversationViewParams();
    LPAuthenticationParams authenticationParams = new LPAuthenticationParams(LPAuthenticationType.AUTH);
    // Register one pinning key per domain; multiple keys can be added.
    authenticationParams.addCertificatePinningKey("your-domain-1","your-pinning-key-1");
    authenticationParams.addCertificatePinningKey("your-domain-2","your-pinning-key-2");
    // Open the conversation with the pinning keys attached to the authentication params.
    LivePerson.showConversation(this, authenticationParams, conversationParams);
}