SSL Pinning


SSL Pinning enhances the security of the overall HYPR ecosystem and prevents MITM (Man-In-The-Middle) attacks. Before any HTTPS communication occurs, the client checks that the server is trusted. After SSL Pinning is enabled, all subsequent registration, authentication, and de-registration requests are checked for a valid certificate. The client checks the certificate that the server presents and makes sure the client's certificate hash matches the hash of the server certificate before proceeding with any HTTPS request.


Two different certificates are required for SSL Pinning to work. You can upload the certificates in the SSL Pinning section, located in the global Settings of the FIDO Control Center.

The Control Center supports certificates in PEM format (Base64 ASCII). Only .pem, .crt, and .cer file types can be uploaded to the Control Center.


Two SSL pins are required

The iOS app requires two SSL pins. Be sure to upload two certificates. Supported file types are .pem, .crt, and .cer.


Step 1. Upload SSL Pinning Certificates


Step 2. Clicking the SSL Pinning toggle button will display a pop-up where you can upload certificates.


Step 3. View after uploading the first certificate



Certificates are required

If you are enabling SSL Pinning, be sure to upload two certificates. Uploading only one certificate will cause registration to fail.

Step 4. View after uploading two certificates


SSL Pinning Information

See the SSL Pinning information details below:

Certificate: The file name of the certificate being uploaded.
Valid From: The date from which the certificate is valid.
Valid To: The expiry date of the certificate.
Order: Either primary or alternate. An admin can choose to make a certificate primary while uploading the second certificate. The primary is the one used for pinning, and the alternate can be used in place of the primary when the primary expires.
Status: Either active or expired.
Actions: An admin can click Delete to remove certificates. Please note that deletion will not revoke the certificates.

Disabling SSL Pinning

An admin can disable SSL Pinning by clicking the toggle button. A pop-up will appear asking you to confirm that you want to disable SSL Pinning.




Once you click Disable, certificates will be removed and pinning will be disabled. This cannot be undone and you will be required to upload certificates again to enable SSL Pinning.

What happens if the certificate expires?

Currently, administrators can upload two certificates. If the primary expires:

  1. Admins can make the secondary the primary for SSL Pinning.
  2. Replace the primary with a new valid certificate.
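
The hash comparison described at the top of this page, together with the primary/alternate fallback, can be sketched as follows. This is an added example, not HYPR's own client code. It assumes the pin is a SHA-256 hash over the whole DER-encoded certificate; the function names and the placeholder byte strings are constructed for illustration.

```python
import hashlib
import hmac
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER certificate (assumed pin format, not HYPR's documented one)."""
    return hashlib.sha256(der).hexdigest()


def load_pins(pem_by_order: dict) -> dict:
    """Build the pin set from PEM text keyed by order: 'primary' and 'alternate'."""
    if set(pem_by_order) != {"primary", "alternate"}:
        raise ValueError("two certificates are required: primary and alternate")
    pins = {order: fingerprint(ssl.PEM_cert_to_DER_cert(pem))
            for order, pem in pem_by_order.items()}
    if pins["primary"] == pins["alternate"]:
        raise ValueError("primary and alternate must be different certificates")
    return pins


def check_pin(presented_der: bytes, pins: dict):
    """Return the order of the matching pin, or None when the server is not trusted.

    In a live client, presented_der would come from
    ssl.SSLSocket.getpeercert(binary_form=True) before any request is sent.
    """
    seen = fingerprint(presented_der)
    for order, pin in pins.items():
        if hmac.compare_digest(seen, pin):
            return order
    return None


# Constructed placeholder bytes standing in for DER certificates (not real certs).
CURRENT_DER = b"constructed-der-current-server-certificate"
NEXT_DER = b"constructed-der-replacement-certificate"
UNKNOWN_DER = b"constructed-der-unpinned-certificate"

PINS = load_pins({
    "primary": ssl.DER_cert_to_PEM_cert(CURRENT_DER),
    "alternate": ssl.DER_cert_to_PEM_cert(NEXT_DER),
})

if __name__ == "__main__":
    for label, der in [("current", CURRENT_DER), ("rotated", NEXT_DER), ("unknown", UNKNOWN_DER)]:
        print(label, "->", check_pin(der, PINS) or "REJECT")
```

A server that has rotated to the replacement certificate still matches the alternate pin, so clients keep connecting while the primary is being replaced; a certificate matching neither pin is rejected.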