SSL Pinning enhances the security of the overall HYPR ecosystem and prevents any MITM (Man-in-the-Middle) attacks. Before any HTTPS communication, the client makes sure that the server is trusted by the client. After SSL Pinning is enabled, all subsequent registration, authentication and de-registration request will check the validity of the certificate. The client will check the certificate which the server has and will make sure the client certificate hash matches the hash of the server certificate before proceeding withe any HTTPS request.
Admins have to go to the SSL Pinning section, which is globally located in the settings under Control Center to upload the certificates. Make sure to have two different certificate in order for SSL Pinning to function.
iOS apps require two SSL pins. Please upload two certificates with a key each or one certificate that has two keys.
Step 1. Upload SSL Pinning Certificates
Step 2. Clicking on enable SSL Pinning toggle button will ask to upload the certificate
Step 3. View after uploading a first certificate
If you are enabling SSL Pinning, please make sure to upload two certificates. Uploading one certificate will cause the registration to fail
Step 4. View after uploading two certificates
SSL Pinning Information
Please see the information about SSL Pinning details below:
|Certificate||This is the file name of the certificate which is being uploaded.|
|Valid From||This is the start date of the certificate from when it is valid from.|
|Valid To||The expiry date of the certificate.|
|Order||It can be primary or alternate. An admin can choose to make a certificate primary while uploading the second certificate. The primary will be one used for pinning and alternate can be used in place of primary when the primary expires.|
|Status||It can be either active or expired.|
|Actions||An admin can click on delete to delete the certificates. Please note that deletion will not revoke the certificates.|
Disabling SSL Pinning
An admin can disable SSL Pinning by clicking on the toggle button, upon which the following dialogue box will be presented
This is a destructive action which cannot be undone. The certificates will be removed and pinning will be disabled after clicking DISABLE.
Currently, administrators can upload two certificates. If the primary gets expired then
- Admins can make the secondary as the primary for ssl pinning.
- Replace the primary with a new valid certificate