[voltagex_]

I visit sites with cert pinning at $EMPLOYER. $EMPLOYER runs a very expensive solution from Blue Coat which includes a MITM CA - no issues intercepting anything here. Amusingly, this meant the proxy itself was vulnerable to Heartblead while the client machines were not.

[MichaelGG]

Browsers know this is s common downside to corp environments and excuse them if the proxy cert is installed. Arbitrary apps don't have to follow that.

[btgeekboy]

The only foolproof way to get around this is to hardcode the certificate into the application itself, or at least the intermediate chain. Otherwise, you could have always intercepted the first request and made that the certificate of record.