From 96465075f4a56a811cee28ec3da7e5c994f4fa5e Mon Sep 17 00:00:00 2001
From: David Dworken <david@daviddworken.com>
Date: Fri, 6 Nov 2015 21:23:10 -0500
Subject: [PATCH] Added information on cert pinning (Fixes #689)

---
 docs/certinstall.rst | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/docs/certinstall.rst b/docs/certinstall.rst
index 542c6dd23..2e0418375 100644
--- a/docs/certinstall.rst
+++ b/docs/certinstall.rst
@@ -105,6 +105,16 @@ configure your testing system or browser to trust the mitmproxy CA as a
 signing root authority. For security reasons, the mitmproxy CA is generated uniquely on the first
 start and is not shared between mitmproxy installations on different devices.
 
+Some applications pin their SSL certificates in order to prevent MITM attacks.
+This means that **mitmproxy** and **mitmdump's** certificates will not be
+accepted by these applications. This is because when an application pins a
+certificate it requires that SSL traffic is encrypted with a specific
+certificate rather than any certificate that is signed by a trusted Certificate
+Authority (CA). In order to work around this, it is recommended to use the 
+`Ignore Domains <http://docs.mitmproxy.org/en/stable/features/passthrough.html#ignore-domains>`_
+feature in order to prevent **mitmproxy** and **mitmdump** from intercepting
+traffic to these specific domains. 
+
 
 CA and cert files
 -----------------