We have a certificate in use by a mobile app client to communicate to our service API. Our app is implementing SSL pinning against the fingerprint of the X1 intermediate certificate. Although the X3 certificate was created using the same private key, the fingerprint has still changed.
We have recently issued a renewal for the certificate but had to revert since the SSL pinning was not accepting the new X3 certificate. We do not require at all Windows XP support as this certificate is only used on mobile phones. Would it be possible to add an option to the client to renew the certificate against the X1 certificate?