What

Document how the cert pinning implementation works for internal services: from how the cert pins are generated based off the hostnames of the servers to where they are consumed by the OkHttp code. We also need to point out that certificate pinning can cause applications to be bricked if it is done incorrectly, the config is changed, or the services' CA changes in production.

Why

To make it easy for an end developer to know which way pinning is implemented for internal services compared to external services. To warn end developers/operations of the dangers/maintenance of rolling out certificate pinning, and that this is enabled by default for internal services.