This is not a feature we offer by default for customers as the Ably platform needs to reserve the right to change certificates for a number of reasons, such as if we are under a monumental DDoS attack, we may change our default endpoints and potentially the certs as a result.
However, if an organization does require certificate or public key pinning, we can offer this as follows:
- Customers must provide two certificates that will be used for pinning (primary and secondary)
- We will set up dedicated endpoints and load balancers that serve these certificates, see custom CNAME endpoints for more info
- We customise the client libraries a customer needs to support certificate pinning
- Customers must be on an Enterprise plan