CMD, Windows

Windows Hello – The certificate used for authentication has expired

If you are experiencing a problem where your Windows Hello Pin does not work anymore, and you are seeing the following error message:

The certificate used for authentication has expired

This is probably because your Windows Hello Certificate has expired, and the auto-renewal did not work.

Follow the following steps to fix this issue:

Step 1: Remove expired smartcard certificate

  • To do this, open “Run” application and then type “mmc.exe”
  • Double click on User Certificates
  • Open Personal > Certificates
  • Find the expired certificate with description “Windows Hello Pin”
  • Delete this certificate

Step 2: Reset Hello Pin

To do this, open Command Prompt as Administrator. Then run

dsregcmd /leave

Step 3: Restart Computer

Step 4: Windows upon restart will ask you to reset your Hello Pin

Behind the scenes a new certificate will also be created with a future expiration date.

Step 5: Run gpupdate /force /wait:-1