This repository contains the complete list of Dropbox's certificate pins, which are used inside Dropbox's file sync & share clients to restrict which certificate authorities are trusted.
Dropbox does not recommend that application developers use certificate pinning inside their third-party applications, as it is difficult to maintain updates to the pinset and because end-users can experience outages if their applications are not updated to the latest pinsets. Instead, developers should rely on their operating system or programming language's built-in certificate validation mechanisms.
Nevertheless, we continue to provide our pinset for reference, for application developers who have users with particularly sensitive security needs.
There are two sets of pinsets provided:
pinned_rootscontains each individual root certificate pin, in PEM formattrust_storescontains compiled pinsets, in various formatspinned_roots.pemcontains the pinset in concatenated PEM formatpinned_roots.pfxcontains the pinset in PKCS #12 formatpinned_roots.bkscontains the pinset in Bouncy Castle's BKS format, using the required passwordchangeit