Product: HYPR WFA
Applicable Version(s): 6.5 and above

This assumes HYPR WFA and Windows CA are installed and configured and a certificate has been  issued.

When a user deregisters either a mobile device or security key, a manual revocation of the certificate might be needed.


  1. To revoke a certificate using the certutil command, launch the command prompt as an admin from Windows CA server or Windows Server 2012 and above.

  2. Run the following command using this format: certutil [options] -revoke serialnumber [reason]

    certutil -config "MachineName\CAName" -revoke certificateSerialNumber  revocationReason


    NOTE: Smart card serial numbers can be found in the HYPR Workforce Access Client logs or AD CS CA.
Version Date Comment
Current Version (v. 6) Apr 25, 2023 8:46 Nilesh Doiphode
v. 5 May 06, 2022 16:42 Khedron de León
v. 4 Mar 16, 2022 15:18 Sean Dyon
v. 3 Oct 31, 2021 20:13 Nilesh Doiphode
v. 2 Oct 31, 2021 20:12 Nilesh Doiphode
v. 1 Sep 22, 2021 20:43 Nilesh Doiphode
Was this article helpful?
2 out of 2 found this helpful