VIP AH Client SDK is using public key from hardcoded certificate. Would the expiry of the certificate cause functionality issue?
search cancel

VIP AH Client SDK is using public key from hardcoded certificate. Would the expiry of the certificate cause functionality issue?

book

Article ID: 367249

calendar_today

Updated On:

Products

SITEMINDER VIP Authentication Hub

Issue/Introduction

Use case:

 

VIP AuthHub SDK is used for IOS/Android app and is involving trusted devices.

In this case, the device footprint will be encrypted using the public key coming from a hardcoded certificate.

Certificate will eventually expire, would it cause outage?

Environment

VIP AH ~ 2.3.1

Resolution

As of now client SDK does not validate the certificate expiry hence it is pure PKI where client SDK just extract the public key from the hardcoded cert and encrypt the part of the device signature.

So for now, there is no expiry involved in the validation of device signature in trusted device flow.