What happens if a client encounters an untrusted certificate in a certificate pinning scenario?

In a certificate pinning scenario, if a client encounters an untrusted certificate, the connection will be blocked due to the untrusted certificate. Certificate pinning is a security measure used to ensure that a client can communicate securely with a specific server by checking the server’s certificate against a stored, trusted certificate. This mechanism helps prevent man-in-the-middle attacks and ensures that the client only connects to servers that are known and trusted.

When the client identifies that the certificate presented by the server does not match the expected certificate (due to it being untrusted or compromised), the connection will not proceed. This strict enforcement is crucial in maintaining the integrity and security of the data exchanged. By blocking the connection, it prevents any potential exposure to malicious actors who might impersonate the server, thereby safeguarding user data and maintaining trust in the communication channel.