Extracting backup Okta/Oktapreview domain certificate public key hash

Hi,

I am working on a project which integrates Okta for Authentication of users.

I have implemented a PublicKeyPinning feature to prevent MITM attacks by grabbing the certificate of the Okta/Oktapreview domain, generating the hash from the Public Key of the certificate, and comparing the generated value with a hardcoded value in code.

This feature works fine and has no issues.

My query here is, if the primary certificate of Okta/Oktapreview domain expires or is replaced, do we have a backup certificate?
If we do have a backup certificate, how can I get the public key of the backup certificate so that I can hardcode the hash of the public key in my code?

I have not heard of any “backup” certificates for Okta sites. To be honest I’ve never seen any backups for other sites either, but maybe I just haven’t seen enough of different sites… :)
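
An added example, not part of either post and not Okta's code: the check described in the question, hashing the certificate's SubjectPublicKeyInfo and comparing it against a set of hardcoded pins so that more than one key hash can be listed. SHA-256 with base64 output, the function names and the certificate-shaped sample data are assumptions, since the thread does not name a hash algorithm or platform.

```python
import base64
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, end) of the DER element at pos."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    if start + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, start, start + length

def extract_spki(cert_der):
    """Return the SubjectPublicKeyInfo element of an X.509 certificate."""
    tag, pos, _ = read_tlv(cert_der, 0)        # Certificate
    if tag != 0x30:
        raise ValueError("not a DER certificate")
    _, pos, tbs_end = read_tlv(cert_der, pos)  # tbsCertificate
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                            # optional [0] version
        pos = end
    for _ in range(5):  # serialNumber, signature, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    tag, _, end = read_tlv(cert_der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return cert_der[pos:end]

def spki_pin(cert_der):
    """Base64 SHA-256 of the SPKI; unchanged when a cert is reissued with the same key."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()

def is_pinned(cert_der, pins):
    """Accept the certificate if its key hash is any one of the hardcoded pins."""
    return spki_pin(cert_der) in pins

# --- constructed sample data: certificate-shaped DER, not a real certificate ---
def der(tag, body):
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_cert(key_bytes):
    # b"\x30\x00" is an empty SEQUENCE standing in for fields the parser only skips
    spki = der(0x30, der(0x30, der(0x06, b"\x2a\x03")) + der(0x03, b"\x00" + key_bytes))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + b"\x30\x00" * 4 + spki)
    return der(0x30, tbs + b"\x30\x00" + der(0x03, b"\x00")), spki
```

Because the pin covers only the public key, a renewed certificate that keeps the same key pair still matches; a certificate issued with a new key does not unless its hash is already in the set.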