When setting up an external Package Feed we'd like to be able to pin the SSL certificate thumbprint of the external feed to make it even more unlikely we'd accidentally fetch packages from a source through DNS poisoning, redirect or or man-in-the-middle attack.