SSL Pinning

Netmera SDK supports SSL pinning to ensure secure communication between your app and Netmera servers. There are two methods to implement SSL pinning: using a certificate file or using Info.plist configuration. You must choose only one method; implementing both will cause issues. Below are the detailed steps for both integration options.

The Netmera SDK supports SSL pinning to ensure secure communication with our servers. You can implement SSL pinning in one of two ways:

1. Using a Certificate File (netmera.com.cer) (Supports iOS 11 and above)

2. Using Info.plist Configuration (Supports iOS 14 and above)

Compatibility

Integration Option 1: Using a Certificate File (iOS 11 and Above)

This method is supported on iOS 11 and above.

Step 1: Add the Certificate to Your Project

1. Download the netmera.com.cer certificate file.

2. Add the certificate to your Xcode project.

3. Ensure the certificate is included in your app's target.

Step 2: The Certificate File Name Must Be netmera.com.cer

1. The SDK looks for the file named netmera.com.cer in your app's project bundle. Ensure the file name matches exactly.

No Additional Configuration Needed

Once the certificate is added with the correct name, the SDK will automatically detect it and enable SSL pinning.

Integration Option 2: Using Info.plist Configuration (iOS 14 and Above)

This method is supported on iOS 14 and above.

Step 1: Generate the Public Key Hash

1. Use the following OpenSSL command to generate the public key hash for the certificate:

openssl s_client -showcerts -servername your-custom-url.com -connect your-custom-url.com:443 </dev/null 2>/dev/null | \
openssl x509 -outform PEM | \
openssl x509 -inform pem -noout -outform pem -pubkey | \
openssl pkey -pubin -inform pem -outform der | \
openssl dgst -sha256 -binary | openssl enc -base64

1. Replace your-custom-url.com with your custom domain (for on-premises customers) or use sdkapi.netmera.com for the default Netmera service.

Example output:

A1C7RK0nAsHviju64ImO48VgSY5FdOMxv9GJh0uMXJQ=

Step 2: Add the Configuration to Info.plist

1. Open your app’s Info.plist file.

2. Add the following configuration to enable SSL pinning:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <false/>
    <key>NSPinnedDomains</key>
    <dict>
        <key>your-custom-url.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSPinnedLeafIdentities</key>
            <array>
                <dict>
                    <key>SPKI-SHA256-BASE64</key>
                    <string>A1C7RK0nAsHviju64ImO48VgSY5FdOMxv9GJh0uMXJQ=</string>
                </dict>
            </array>
        </dict>
    </dict>
</dict>

Step 3: Save and Build Your Project

After adding the configuration, save the Info.plist file and rebuild your project.

Important Notes

1. Choose Only One Method:

   • Do not use both methods simultaneously. The SDK will not function correctly if both methods are implemented. Select the method that aligns with your project requirements.

2. On-Premises Customers:

   • The certificate file name must remain netmera.com.cer.

   • If you are using the Info.plist method, replace sdkapi.netmera.com with your custom URL.

3. Certificate Updates: If the server certificate changes, update the netmera.com.cer file or regenerate the public key hash and update your Info.plist.

4. Testing: Test your SSL pinning implementation using tools like Proxyman to verify that requests fail if the certificate or key hash does not match.