CWE-295

Improper Certificate Validation
Vulnerability, under review
The product does not validate, or incorrectly validates, a certificate.

Scope: Integrity, Authentication / Impact: Bypass Protection Mechanism; Gain Privileges or Assume Identity
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
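One way to enforce the pinning guidance above in a trust-on-first-use client, as an added example that is not part of the original page: a pin is recorded only when the TLS context that performed the handshake had both chain verification and hostname checking enabled. The names `PinningError`, `validation_gaps`, `PinStore` and `fetch_and_pin` are hypothetical, and the store is in-memory for illustration.

```python
import hashlib
import socket
import ssl

class PinningError(Exception):
    """Raised when a certificate must not be pinned or does not match its pin."""

def validation_gaps(ctx):
    """List the checks this SSLContext skips; an empty list means full validation."""
    gaps = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        gaps.append("chain not verified (verify_mode is not CERT_REQUIRED)")
    if not ctx.check_hostname:
        gaps.append("hostname not checked (check_hostname is False)")
    return gaps

class PinStore:
    """Hypothetical in-memory store: host -> SHA-256 of the DER-encoded certificate."""
    def __init__(self):
        self.pins = {}

    def observe(self, host, der_cert, ctx):
        """Pin on first use, only if ctx (the context that did the handshake) validated fully."""
        gaps = validation_gaps(ctx)
        if gaps:
            raise PinningError("refusing to pin " + host + ": " + "; ".join(gaps))
        digest = hashlib.sha256(der_cert).hexdigest()
        pinned = self.pins.setdefault(host, digest)
        if pinned != digest:
            raise PinningError("certificate for " + host + " does not match its pin")
        return digest

def fetch_and_pin(store, host, port=443):
    """Connect with chain and hostname validation on, then record or check the pin."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return store.observe(host, tls.getpeercert(binary_form=True), ctx)
```

A context with `check_hostname = False` still verifies the chain, so it would accept any CA-issued certificate for a different name; `observe` rejects it before anything is stored.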
MITRE official page: CWE-295