Digital certificate application
US-2019123914-A1 · Apr 25, 2019 · US
US11616769B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11616769-B2 |
| Application number | US-202016791588-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 14, 2020 |
| Priority date | Feb 22, 2019 |
| Publication date | Mar 28, 2023 |
| Grant date | Mar 28, 2023 |
Official abstract text for this publication.
The present disclosure provides computing systems and techniques for providing a certificate to use to securely connect to a server. More particularly, the present disclosure provides a computing device certificate rotation server arranged to provide certificates to the computing device for use by an application executing on the computing device to securely connect to a server.
Opening claim text (preview).
What is claimed is:
1. An apparatus, comprising: a processor; and a memory coupled to the processor, the memory comprising at least one cached certificate and instructions, the instruction when executed by the processor cause the processor to: send, to a certificate rotation server, a request for certificates for use for an application executing on the processor to securely connect to a server, the request comprising an indication of metadata associated with the application, the metadata comprising a package name and a version number associated with the application; receive, based on an authentication of the application based on the package name and the version number, an information element from the certificate rotation server, the information element comprising an indication of at least one certificate; determine that the at least one certificate does not match the at least one cached certificate; and replace the at least one cached certificate with the at least one certificate based on the determination that the at least one certificate does not match the at least one cached certificate.
2. The apparatus of claim 1, the instructions when executed by the processor further cause the processor to encrypt the request with a public key of an asymmetric keypair.
3. The apparatus of claim 2, the instructions when executed by the processor further cause the processor to validate the information element with the public key.
4. The apparatus of claim 1, the instructions when executed by the processor further cause the processor to identify the metadata.
5. The apparatus of claim 4, the metadata further comprising an identifier associated with the application.
6. The apparatus of claim 1, wherein at least the request or the information element is formatted according to a JavaScript object notation.
7. At least one non-transitory machine-readable storage medium comprising instructions that when executed by a processor at a computing device, cause the processor to: send, to a certificate rotation server, a request for certificates for use by an application executing on the processor to securely connect to a server, the request comprising an indication of metadata associated with the application, the metadata comprising a package name and a version number associated with the application, the request to replace at least one cached certificate used by the application; receive, based on an authentication of the application based on the package name and the version number, an information element from the certificate rotation server, the information element comprising an indication of at least one certificate; determine that the at least one certificate does not match the at least one cached certificate; and replace the at least one cached certificate with the at least one certificate based on the determination that the at least one certificate does not match the at least one cached certificate.
8. The at least one non-transitory machine-readable storage medium of claim 7, the instructions when executed by the processor further cause the processor to encrypt the request with a public key of an asymmetric keypair.
9. The at least one non-transitory machine-readable storage medium of claim 8, the instructions when executed by the processor further cause the processor to validate the information element with the public key.
10. The at least one non-transitory machine-readable storage medium of claim 7, the instructions when executed by the processor further cause the processor to identify the metadata.
11. The at least one non-transitory machine-readable storage medium of claim 10, the metadata further comprising an identifier associated with the application.
12. The at least one non-transitory machine-readable storage medium of claim 7, wherein at least the request or the information element is formatted according to a JavaScript object notation.
13. A computer implemented method, comprising: sending, to a certificate rotation server, a request for certificates for use for an application to securely connect to a server, the request comprising an indication of metadata associated with the application, the metadata comprising a package name associated with the package name and a version number associated with the application, the request to replace at least one cached certificate used by the application; receiving, based on an authentication of the application based on the package name and the version number, an information element from the certificate rotation server, the information element comprising an indication of at least one certificate; determining that the at least one certificate does not match the at least one cached certificate; and replacing the at least one cached certificate with the at least one certificate based on the determination that the at least one certificate does not match the at least one cached certificate.
14. The method of claim 13, comprising encrypting the request with a public key of an asymmetric keypair.
15. The method of claim 14, comprising validating the information element with the public key.
16. The method of claim 13, the metadata further comprising an identifier associated with the application.
17. A system, comprising: a non-transitory computer-readable medium comprising client instructions that when executed by a client processor at a client computing device, cause the client processor to: send, to a certificate rotation server, a request to provide a certificate to replace at least one cached certificate for use for an application executing on the client computing device to securely connect to a server, the request comprising an indication of metadata associated with an application executable by the client processor, the metadata comprising a package name associated with the package name and a version number associated with the application, receive, based on an authentication of the application based on the package name and the version number, an information element from the certificate rotation server, the information element comprising an indication of at least one certificate, determine that the at least one certificate does not match the at least one cached certificate, and replace the at least one cached certificate with the at least one certificate based on the determination that the at least one certificate does not match the at least one cached certificate; and the certificate rotation server, comprising: a server processor, and memory coupled to the server processor, the memory comprising server instructions that when executed by the server processor cause the server processor to: receive, from the client computing device, the request to provide the certificate to replace the cached certificate, determine, based in part on the package name and the version number, whether the application is authorized to receive certificates, identify, based in part on the metadata, at least one certificate from a plurality of certificates to provide to the computing device based on a determination that the application is authorized to receive the certificates, and send, responsive to the request, the information element to the client computing device.
18. The system of claim 17, the client instructions when executed further cause the client processor to encrypt the request with a public key of an asymmetric keypair.
19. The system of claim 18, the client instructions when executed further cause the client processor to validate the information element with the public key.
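The exchange recited in claims 1 and 17, sketched as an added example that is not taken from the patent: a server that authorizes on package name and version and selects certificates, and a client that replaces its cache only on a mismatch. The JSON field names, the package name `com.example.bank`, the version strings and the certificate strings are constructed assumptions, and the encryption and validation steps of claims 2 and 3 are left out.

```python
import hashlib
import json

# Constructed server-side data (assumptions): which app builds may receive
# certificates, and which certificates each package is served.
AUTHORIZED = {("com.example.bank", "4.2.0"), ("com.example.bank", "4.3.0")}
CERTS_BY_PACKAGE = {"com.example.bank": ["CONSTRUCTED-CERT-B", "CONSTRUCTED-CERT-C"]}


def fingerprint(cert: str) -> str:
    """SHA-256 over the certificate text, used to compare certificates."""
    return hashlib.sha256(cert.encode()).hexdigest()


def rotation_server(request_json: str) -> str:
    """Server side of claim 17: authorize on package name and version,
    then pick certificates based on the metadata."""
    meta = json.loads(request_json).get("metadata", {})
    key = (str(meta.get("package_name")), str(meta.get("version")))
    if key not in AUTHORIZED:
        return json.dumps({"authorized": False, "certificates": []})
    return json.dumps({"authorized": True,
                       "certificates": CERTS_BY_PACKAGE.get(key[0], [])})


def rotate(cache: list, package_name: str, version: str) -> bool:
    """Client side of claim 1. Returns True if the cache was replaced."""
    request = json.dumps({"metadata": {"package_name": package_name,
                                       "version": version}})
    element = json.loads(rotation_server(request))
    received = element["certificates"]
    # Added safeguard (not stated in the claims): an unauthorized or empty
    # answer never wipes the certificates the application already holds.
    if not element["authorized"] or not received:
        return False
    if {fingerprint(c) for c in received} == {fingerprint(c) for c in cache}:
        return False  # certificates match the cache: nothing to do
    cache[:] = received  # mismatch: replace the cached certificates
    return True


if __name__ == "__main__":
    cache = ["CONSTRUCTED-CERT-A"]
    print(rotate(cache, "com.example.bank", "4.2.0"), cache)  # rotated
    print(rotate(cache, "com.example.bank", "4.2.0"), cache)  # already current
    print(rotate(cache, "com.example.bank", "1.0.0"), cache)  # not authorized
```

The package name and version number in the request are values the client reports about itself, so the server's allowlist decision is only as reliable as the channel and the validation step that the example omits.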
when the policy decisions are valid for a limited amount of time · CPC title
by adding security routines or objects to programs · CPC title
involving digital signatures · CPC title
using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates · CPC title
wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for public-key encryption H04L9/30) · CPC title