How do I configure SSL pinning with HYPR?


SSL Pinning enhances the security of the overall HYPR ecosystem and prevents any MITM (Man-in-the-Middle) attacks. Before any HTTPS communication, the client makes sure that the server is trusted by the client. After SSL Pinning is enabled, all subsequent registration, authentication and de-registration request will check the validity of the certificate. The client will check the certificate which the server has and will make sure the client certificate hash matches the hash of the server certificate before proceeding withe any HTTPS request.



Admins have to go to the SSL Pinning section, which is globally located in the settings under Control Center to upload the certificates. Make sure to have two different certificate in order for SSL Pinning to function.


iOS apps require two SSL pins. Please upload two certificates with a key each or one certificate that has two keys.



Step 1. Upload SSL Pinning Certificates

Step 2. Clicking on enable SSL Pinning toggle button will ask to upload the certificate

Step 3. View after uploading a first certificate


If you are enabling SSL Pinning, please make sure to upload two certificates. Uploading one certificate will cause the registration to fail


Step 4. View after uploading two certificates


SSL Pinning Information

Please see the information about SSL Pinning details below:

Field Description
Certificate This is the file name of the certificate which is being uploaded.
Valid From This is the start date of the certificate from when it is valid from.
Valid To The expiry date of the certificate.
Order It can be primary or alternate. An admin can choose to make a certificate primary while uploading the second certificate. The primary will be one used for pinning and alternate can be used in place of primary when the primary expires.
Status It can be either active or expired.
Actions An admin can click on delete to delete the certificates. Please note that deletion will not revoke the certificates.

Disabling SSL Pinning

An admin can disable SSL Pinning by clicking on the toggle button, upon which the following dialogue box will be presented



This is a destructive action which cannot be undone. The certificates will be removed and pinning will be disabled after clicking DISABLE.


What will happen if a certificate expires?

Currently, administrators can upload two certificates. If the primary gets expired then

  1. Admins can make the secondary as the primary for ssl pinning.
  2. Replace the primary with a new valid certificate
Was this article helpful?
0 out of 0 found this helpful