# Certificate pinning
# Calculating the certificate pin
To calculate the certificate pin, you need to have the certificate. If you do not have the certificate, then you can get it by going to the URL in your web browser. Then, use your browser to download the certificate.
# PEM format
If the certificate is in PEM format, then you can calculate the hash with OpenSSL as follows:
openssl x509 -in certificate.pem -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
# DER format
If the certificate is in DER format, then you can calculate the hash with OpenSSL as follows:
openssl x509 -in certificate.der -pubkey -noout -inform der | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
# How to set it up
You can support TLS/SSL certificate pinning with Encap by calling setPublicKeyHashes() on the config object, before setting the config on the controller.
You can add one or more certificate hashes from the web server's certificate chain before establishing a TLS/SSL connection.
Ensure that you add the algorithm used in front of the hash, separated by a /. For example:
config.setPublicKeyHashes(new String[]{"sha256/47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="});
controller.setConfig(config.build());