ossobv / gocollect

Data collector using go, periodically posts json to a REST api
GNU General Public License v3.0

Certificate pinning through HPKP #12

Open wdoekes opened 8 years ago

wdoekes commented 8 years ago

The server communicates the HPKP policy to the user agent via an HTTP response header field named Public-Key-Pins (or Public-Key-Pins-Report-Only for reporting-only purposes).

The HPKP policy specifies hashes of the subject public key info of one of the certificates in the website's authentic X.509 public key certificate chain (and at least one backup key) in pin-sha256 directives, a period of time during which the user agent shall enforce public key pinning in the max-age directive, an optional includeSubDomains directive to include all subdomains (of the domain that sent the header) in the pinning policy, and an optional report-uri directive with the URL to which pinning violation reports are sent. At least one of the public keys of the certificates in the certificate chain needs to match a pinned public key in order for the chain to be considered valid by the user agent.

The central gocollect server shall use the Public-Key-Pins header. The gocollect daemon shall use that header (store the HPKP values in /var/lib/gocollect for reuse).

See https://github.com/tam7t/hpkp for a possible package. The HTTP client can be updated like this:

```go
import (
	"net/http"
	"github.com/tam7t/hpkp" // pin-aware dialer; dialConf below is assumed to be an *hpkp.DialerConfig
)

client := &http.Client{}
...
client.Transport = &http.Transport{
	DialTLS: dialConf.NewDialer(), // pins are checked during the TLS handshake
}
resp, err := client.Get(...)
```
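The mechanics the issue describes, parsing a Public-Key-Pins header, computing pin-sha256 over the SubjectPublicKeyInfo, rejecting a chain that matches no pin, and serialising the noted policy so the daemon can reuse it, in a standard-library-only Go example added here by the editor. It is not code from the issue, from gocollect or from tam7t/hpkp; the names PinPolicy, ParsePublicKeyPins, SPKIPin, VerifyPeerCertificate, fakeCert and Demo, the host collector.example, the report URL and the certificates it generates are all constructed for the example (Go 1.18 or later for strings.Cut).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// PinPolicy is a parsed Public-Key-Pins header, shaped so a daemon can persist
// it (the issue proposes /var/lib/gocollect) and reload it on later runs.
type PinPolicy struct {
	Created           time.Time `json:"created"`
	MaxAge            int64     `json:"max_age"`
	IncludeSubDomains bool      `json:"include_subdomains"`
	ReportURI         string    `json:"report_uri,omitempty"`
	Sha256Pins        []string  `json:"sha256_pins"`
}

// ParsePublicKeyPins parses the header directives and enforces the RFC 7469
// conditions for noting a host: max-age present, well-formed pins, two or more
// of them (the second is the backup key that must not be in today's chain).
func ParsePublicKeyPins(value string, now time.Time) (*PinPolicy, error) {
	p := &PinPolicy{Created: now, MaxAge: -1}
	for _, raw := range strings.Split(value, ";") {
		name, val, _ := strings.Cut(strings.TrimSpace(raw), "=")
		name, val = strings.ToLower(strings.TrimSpace(name)), strings.Trim(strings.TrimSpace(val), `"`)
		switch name {
		case "pin-sha256":
			if b, err := base64.StdEncoding.DecodeString(val); err != nil || len(b) != sha256.Size {
				return nil, fmt.Errorf("hpkp: bad pin-sha256 %q", val)
			}
			p.Sha256Pins = append(p.Sha256Pins, val)
		case "max-age":
			n, err := strconv.ParseInt(val, 10, 64)
			if err != nil || n < 0 {
				return nil, fmt.Errorf("hpkp: bad max-age %q", val)
			}
			p.MaxAge = n
		case "includesubdomains":
			p.IncludeSubDomains = true
		case "report-uri":
			p.ReportURI = val
		}
	}
	if p.MaxAge < 0 || len(p.Sha256Pins) < 2 {
		return nil, errors.New("hpkp: header needs max-age and at least two pins")
	}
	return p, nil
}

// SPKIPin is base64(SHA-256(SubjectPublicKeyInfo)): the key is pinned, not the
// certificate, so a certificate can be reissued for the same key.
func SPKIPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// VerifyPeerCertificate has the tls.Config.VerifyPeerCertificate signature. It
// runs after normal CA validation and passes if any certificate in any verified
// chain carries a pinned SPKI. chains is empty under InsecureSkipVerify, so
// pinning here complements CA validation rather than replacing it.
func (p *PinPolicy) VerifyPeerCertificate(_ [][]byte, chains [][]*x509.Certificate) error {
	for _, chain := range chains {
		for _, c := range chain {
			for _, want := range p.Sha256Pins {
				if SPKIPin(c) == want {
					return nil
				}
			}
		}
	}
	return errors.New("hpkp: no certificate in any verified chain matches a pin")
}

// fakeCert carries only a fresh P-256 key's DER SubjectPublicKeyInfo, which is
// all the pin computation reads, so the example runs offline (constructed data).
func fakeCert() *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	spki, _ := x509.MarshalPKIXPublicKey(&key.PublicKey) // cannot fail for a valid ECDSA key
	return &x509.Certificate{RawSubjectPublicKeyInfo: spki}
}

// Demo runs the flow on constructed data: the server's current key, an offline
// backup key, the header the server would send, and the daemon parsing and
// checking it. It returns the JSON the daemon would persist for reuse.
func Demo() (string, error) {
	server, backup := fakeCert(), fakeCert()
	hdr := fmt.Sprintf(`pin-sha256="%s"; pin-sha256="%s"; max-age=5184000; includeSubDomains; report-uri="https://collector.example/hpkp-report"`,
		SPKIPin(server), SPKIPin(backup))
	policy, err := ParsePublicKeyPins(hdr, time.Now())
	if err != nil {
		return "", err
	}
	if err := policy.VerifyPeerCertificate(nil, [][]*x509.Certificate{{server}}); err != nil {
		return "", err
	}
	// A key nobody pinned (a mis-issued certificate, say) must be refused.
	if policy.VerifyPeerCertificate(nil, [][]*x509.Certificate{{fakeCert()}}) == nil {
		return "", errors.New("hpkp: unpinned key was accepted")
	}
	b, err := json.MarshalIndent(policy, "", "  ")
	return string(b), err
}

func main() {
	out, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println(out)
}
```

To wire the check into the client from the snippet above, set `TLSClientConfig: &tls.Config{VerifyPeerCertificate: policy.VerifyPeerCertificate}` on the `http.Transport`; the hook only sees chains that already passed CA validation, which is the behaviour HPKP specifies. Two caveats for the daemon side: the persisted policy must stop being enforced once `Created + MaxAge` has passed, otherwise a routine key rotation on the collector locks the daemon out for good, and the header should be re-read (and the stored copy replaced) on every successful pinned connection, since RFC 7469 lets the server shorten or drop the policy that way.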