Certificate Renewal for the HYPR Mobile App: Admins
The Certificate Renewal user experience is detailed under HYPR Passwordless Device Management.
HYPR certificate renewal extends to devices with the HYPR Mobile App (Android and iOS) installed. As with other certificate renewals in HYPR, HYPR Passwordless for Windows will warn the user at 30 days before expiration that a renewal is pending, and at 7 days before expiration, the user will no longer be able to Snooze the message.
How It Works
For HYPR Mobile App authentication, the HYPR Passwordless for Windows client uses certificates issued by the Active Directory (AD) Certificate Authority (CA).
To help ensure the certificate remains valid, HYPR Passwordless will attempt to automatically renew the certificate when the expiration date is approaching, which by default is 30 days in advance. If this action remains incomplete, HYPR Passwordless will actively remind the user until renewal is accomplished. The timing is governed by the following registry parameters, which are updated manually and are found under Computer\HKEY_LOCAL_MACHINE\SOFTWARE\HYPR Workforce Access:
- Reenroll Certificate Before Expiration Days: The number of days before expiration to alert the user; defaults to 30
- Reenroll Certificate Notify Before Expiration Days: The number of days before expiration to actively request the user to complete their renewal; defaults to 7
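To audit these settings on a workstation, the following added example (not HYPR's own code) reads the two registry values named above, falls back to the documented defaults, flags inconsistent thresholds, and reports which reminder phase a certificate would be in. The function names, the inclusive threshold comparison, the handling of the value type, and the sample expiry dates are assumptions.

```powershell
# Added example (not HYPR code). Key path and value names come from this page.
$KeyPath = 'HKLM:\SOFTWARE\HYPR Workforce Access'

function Get-HyprRenewalThreshold {
    param([string]$Name, [int]$Default)
    # Use the documented default when the key or value is absent.
    $item = Get-ItemProperty -Path $KeyPath -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $Default }
    # Assumption: the data may be a DWORD or a numeric string; the page does not say.
    $parsed = 0
    if ([int]::TryParse([string]$item.$Name, [ref]$parsed)) { return $parsed }
    Write-Warning "'$Name' is not an integer; using default $Default"
    return $Default
}

function Get-HyprRenewalPhase {
    param([datetime]$NotAfter, [int]$AlertDays, [int]$EnforceDays,
          [datetime]$Now = (Get-Date))
    # Assumption: thresholds are inclusive; the page does not define the boundary.
    $daysLeft = [math]::Floor(($NotAfter - $Now).TotalDays)
    if     ($daysLeft -lt 0)            { 'Expired' }
    elseif ($daysLeft -le $EnforceDays) { 'ReminderCannotBeSnoozed' }
    elseif ($daysLeft -le $AlertDays)   { 'RenewalPending' }
    else                                { 'Valid' }
}

$alert   = Get-HyprRenewalThreshold 'Reenroll Certificate Before Expiration Days' 30
$enforce = Get-HyprRenewalThreshold 'Reenroll Certificate Notify Before Expiration Days' 7

# Flag settings that would shorten or remove the warning period before expiry.
if ($alert -le 0)        { Write-Warning "Alert window is $alert days: no advance warning" }
if ($enforce -lt 0)      { Write-Warning "Notify window is negative ($enforce)" }
if ($enforce -gt $alert) { Write-Warning "Notify window ($enforce) exceeds alert window ($alert)" }

# Constructed sample expiry offsets, in days from now; replace with the NotAfter
# date of the user's real certificate.
$now = Get-Date
foreach ($offset in 45, 20, 5, -1) {
    [pscustomobject]@{
        DaysLeft = $offset
        Phase    = Get-HyprRenewalPhase $now.AddDays($offset) $alert $enforce $now
    }
}
```

With the default thresholds of 30 and 7, the four constructed offsets report Valid, RenewalPending, ReminderCannotBeSnoozed and Expired.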
For Web Registration deployments, certificate renewal is managed by Control Center. Control Center tracks certificate expiration dates and automatically initiates renewal through the HYPR Enrollment Service when certificates are approaching expiration (default: 30 days before). Administrators can view pending certificate renewals in the Control Center User Management interface. The renewal timing can be configured using feature flags instead of registry parameters.
For more information about Web Registration, see Single Registration.
Upon identifying that a certificate renewal is required, the following steps occur:
- For Workstation Registration: HYPR Passwordless will request a new certificate for the user
- For Web Registration (HYPR 10.7.0+): Control Center automatically initiates certificate renewal through the Enrollment Service when expiration is approaching
- During the next login/unlock session using the HYPR Mobile App, the workstation will transfer the new certificate to the HYPR Mobile App through the Control Center
- The subsequent login/unlock events using the HYPR Mobile App will use the new certificate to establish the login session
Certificate renewal requires participating users to be connected to a secure network (VPN, domain-joined, etc.) to function. Don't worry, though - HYPR will remind them if they are not securely connected.