3

So I'm implementing certificate pinning on iOS and it was recommended that we check the certificate chain using public key hash values.

The rationale for this lay in the fact that we were told that renewing the server certificate kept the same public key. As such, the certificate on the server could be renewed when it expired, and that such renewal would have no impact on the app.

IOW, I wouldn't need to update the app with a new certificate.

Note the certificates in question are signed by a public CA (DigiCert).

Currently we get around the issue by pinning to the intermediate certificate that signed the leaf certificate (longer shelf life). Equally obviously, that's somewhat less secure than pinning to the leaf.

However, I've run across some comments that imply that renewing a leaf certificate creates a new public key. Particularly if that renewal is done by generating a new CSR.

So which is it?

Or to restate the question:

When I've installed certificates on a server, I've typically done so by creating a renewal CSR and giving it to the CA. When the CA gives me a new (renewed) certificate and I install it, will it have the same public key as the old certificate?

If the answer is always: yes, then I'm good. If the answer is no, then I need to do something else.

And if the answer is a definitive "maybe", then I'm pretty much in the same boat as a no.

Michael Long
  • It might stay the same if your company requests to do so, but you should not depend on that. In the case of a lost or compromised key you have to change it. – Mike76 Sep 25 '18 at 16:53
  • Suggested duplicate question/answer still doesn't answer my question. – Michael Long Sep 25 '18 at 17:02
  • @MichaelLong Then I'm unclear what your question is. [Steffen's answer](https://security.stackexchange.com/a/98113/151903) seems to cover everything, you _can_ use the same public key for a new certificate, but you don't have to. It depends what key you use to create the CSR. – AndrolGenhald Sep 25 '18 at 17:06

2 Answers

6

> I've typically done so by creating a renewal CSR and giving it to the CA. When the CA gives me a new (renewed) certificate and I install it, will it have the same public key as the old certificate?

The CA copies the public key from the CSR to the certificate. When you create the CSR it is up to you what key you put in it. You can choose to use the same key as last time, you can choose to use a freshly generated key, you can choose to use a key you just pulled out of your cold storage vault, it's all up to you.

> Currently we get around the issue by pinning to the intermediate certificate that signed the leaf certificate (longer shelf life).

This is a bad idea. There is no guarantee that future certificates will be issued from the same intermediate cert.

> So I'm implementing certificate pinning

I strongly suggest the following.

  1. Only pin the end entity key, don't try to pin the whole chain. You have no idea whether future certificates will be issued by the same root and intermediate keys.
  2. Make sure you have spare keys that will be recognised by your client, having your application recognise only a single key leaves you up shit creek without a paddle if that key is compromised. Your spare keys should be kept in cold storage and ideally should include a selection of types/strengths in case you need to move to stronger keys in the future.
Peter Green
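
Added example, not part of either answer: a shell/OpenSSL walk-through of the two points above, that the certificate carries whatever key the CSR carried, and that a client pin set holding a spare key survives a re-key. The toy CA, the host name `api.example.test` and all file names are constructed stand-ins for the real server keys and public CA.

```shell
#!/bin/sh
# Added example: throwaway keys and a toy CA, all constructed for this demo.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Pin = base64(SHA-256(DER SubjectPublicKeyInfo)); PEM public key arrives on stdin.
spki_pin()    { openssl pkey -pubin -outform DER | openssl dgst -sha256 -binary | openssl base64; }
pin_of_key()  { openssl pkey -in "$1" -pubout | spki_pin; }
pin_of_csr()  { openssl req  -in "$1" -noout -pubkey | spki_pin; }
pin_of_cert() { openssl x509 -in "$1" -noout -pubkey | spki_pin; }

new_key() { openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out "$1" 2>/dev/null; }

# issue KEY NAME: build a CSR from KEY and have the toy CA sign it (NAME.csr, NAME.crt).
issue() {
  openssl req -new -key "$1" -subj "/CN=api.example.test" -out "$work/$2.csr"
  openssl x509 -req -in "$work/$2.csr" -CA "$work/ca.crt" -CAkey "$work/ca.key" \
    -CAcreateserial -days 30 -out "$work/$2.crt" 2>/dev/null
}

# is_pinned PIN: the client-side check against the pin set shipped in the app.
is_pinned() { printf '%s\n' "$PINS" | grep -qxF -- "$1"; }

new_key "$work/ca.key"
openssl req -x509 -new -key "$work/ca.key" -subj "/CN=Toy CA" -days 30 -out "$work/ca.crt"
new_key "$work/live.key"     # key on the server today
new_key "$work/spare.key"    # spare key kept offline; only its pin ships in the app
new_key "$work/unknown.key"  # a key the app has never been told about

PINS="$(pin_of_key "$work/live.key")
$(pin_of_key "$work/spare.key")"

issue "$work/live.key"    old       # current certificate
issue "$work/live.key"    renewed   # renewal CSR built from the same key
issue "$work/spare.key"   rekeyed   # renewal CSR built from the spare key
issue "$work/unknown.key" stranger  # renewal CSR built from an unpinned key

for c in old renewed rekeyed stranger; do
  pin=$(pin_of_cert "$work/$c.crt")
  if is_pinned "$pin"; then verdict=accept; else verdict=REJECT; fi
  printf '%-9s %s %s\n' "$c" "$pin" "$verdict"
done
```

`old` and `renewed` print the same pin, `rekeyed` prints a different pin that is still accepted because the spare key was pinned in advance, and `stranger` is rejected.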
0

SOMETIMES a key is re-used. If you have no reason to believe the old key is compromised, this may be a good idea.

But if a key is compromised (e.g. somebody stole your private key) then you need to be able to generate a new key. So your application needs to be able to handle either re-using an old key OR generating a new key.

You should absolutely verify the certificate chain. That's part of opening a trusted TLS connection. More accurately, you should configure whichever standard library you are using, such as OpenSSL, to do this for you.

And for certificate pinning you should check the leaf certificate. I assume a library can do this for you as well but have no experience with that.

Ben