Skip to main content

Certificate Renewal for Security Keys: Users

Admin Configuration

To configure the Certificate Renewal user experience, see Certificates in HYPR.

For security key and smart-card authentication, the HYPR Passwordless client application for Windows uses certificates issued by the Active Directory (AD) Certificate Services (CS). To help ensure the certificate remains valid, HYPR Passwordless will display a warning over the pairing icon, and the application will also display a tray notification prompting the user to renew when the expiration date is within 30 days.

In both cases, clicking Renew Key will trigger a manual renewal of the expired certificate.



As the expiration date approaches the Snooze button will not appear, and the notification will not automatically dismiss itself if the user waits, forcing them to acknowledge it and go through the renewal process.

When the user clicks Renew Key, the HYPR Passwordless client checks to make sure the security key or smart-card is plugged onto the workstation then prompts the user to enter their PIN.



If the PIN is valid, the HYPR Passwordless client automatically communicates with the CA to obtain a new certificate and place it on the device.

How It Works

To help ensure security key or smart-card certificates remain valid, the HYPR Passwordless client will start notifying the user to plug in their key and renew the key's certificate when the expiration date is approaching. If this action remains incomplete, the HYPR Passwordless client will actively remind the user until renewal is accomplished.

At 1 day prior to expiration, the Snooze button will no longer be an option.

Privacy, Please

Certificate renewal requires you to be connected to a secure network (VPN, domain-joined, etc.) to function. Don't worry, though - HYPR will remind you if you're not securely connected.