SSL pinning

Sounds like your app will have an embedded certificate in it? are you using a CA signed certificate or self-signed? Certificate pinning basically means your app will contain the certificate embedded in that you will also host on your front end / perimeter F5 where the SSL negotiation is taking place. However any changes to your certificate will require application updates in order for SSL to continue to negotiate.

You can embed a host checker(domain level) in your app that makes sure the connection it makes using SSL to your F5 has a valid domain signed by a CA. for example your mobile app will validate that the SSL connection it makes have a valid CA signed domaon such as . Now when the app makes a connection as long as your F5 VS SSL profile has that cert named something.yourcompany.com and signed by the CA you specified in your app then the SSL connection will negotiated.