I am working on a project which integrates Okta for Authentication of users
I have implemented PublicKeyPinning feature to prevent MITM attacks by grabbing the certificate of the Okta/Oktapreview domain and generating the hash from the Public Key of the certificate and comparing the generated value with hardcoded value in code.
This feature works fine and has no issues.
My query here is, if the primary certificate of Okta/Oktapreview domain expires or is replaced, do we have a backup certificate ?
If we do have a backup certificate, how can I get the public key of the backup certificate so that I can hardcode the hash of the public key in my code?