---
title: NSPinnedCAIdentities
framework: bundleresources
role: symbol
role_heading: Property List Key
path: bundleresources/information-property-list/nspinnedcaidentities
---

# NSPinnedCAIdentities

A list of allowed Certificate Authority certificates for a given domain name.

## Discussion

Discussion Provide an array of dictionaries as the value for this key. Each dictionary in the array contains the SPKI-SHA256-BASE64 key with a value that represents the Base64-encoded SHA-256 digest of an X.509 certificate’s DER-encoded ASN.1 Subject Public Key Info (SPKI) structure. NSPinnedCAIdentities : Array {     Dictionary {         SPKI-SHA256-BASE64 : String     } } When making a network connection to a named domain, App Transport Security (ATS) blocks the connection unless it can find the SPKI digest of at least one Certificate Authority (CA) or sub-CA certificate in the chain presented by the server. You must include this key or the NSPinnedLeafIdentities key or both in each domain-specific NSPinnedDomains subdictionary. If you include both, then both must produce a match.

## Topics

### Key Digests

- [SPKI-SHA256-BASE64](bundleresources/information-property-list/nspinnedcaidentities/spki-sha256-base64.md)

## See Also

### Identities

- [NSPinnedLeafIdentities](bundleresources/information-property-list/nspinnedleafidentities.md)