What does DigiCert recommend regarding certificate pinning?

Boost your skills with Zscaler Digital Transformation Administrator Exam prep. Use flashcards and multiple choice questions with hints and explanations to get exam ready!

DigiCert recommends being cautious about using certificate pinning due to the potential issues it can create with SSL inspection. Certificate pinning is a security measure that helps prevent man-in-the-middle attacks by associating a host with its expected certificate or public key. While this enhances security for certain applications by limiting the risk of certificates being spoofed, it can lead to complications in environments where SSL interception is employed.

When SSL inspection is in use, traffic is decrypted and inspected for threats, so the client is presented with a certificate from the inspecting device in place of the server's original certificate. If that certificate doesn't match the pinned one, the client rejects it and the connection fails. Therefore, DigiCert advises a more selective approach, suggesting that certificate pinning should be implemented carefully based on specific application requirements instead of universally across all applications or connections. This allows organizations to keep the security benefits of pinning without inadvertently causing connectivity issues.
