By default, the server identity checking bases on the chain of trust. The system or browser has a list of trusted root CAs (Certificate Authorities). Those CAs, in turn trust the intermediate CAs, which finally trust the owner of the domain. The clients accept every trusted certificate. Including those issued in the future. Yet, we can configure the application to trust only given certificates. The latter is a certificate pinning.

Let’s check how to do that in Flutter and the pros and cons of pinning!

Project link: https://www.thedroidsonroids.com/blog/ssl-certificate-pinning-in-flutter