Certificate-Based Device Validation (Windows-only)
- Updated on 05 Aug 2024
What is Certificate-Based Device Validation?
This is an enhanced security feature built into our ScreenMeet Remote Support Client for Windows. When enabled, this feature will cause the service to reject any incoming requests from endpoints without the appropriate certificate installed, thus preventing any unmanaged Windows clients from connecting to your organization's ScreenMeet Remote Support services.
When should you use Certificate-Based Device Validation?
Use this feature if you would like to restrict access to your ScreenMeet Remote Support service to specific Windows endpoints that are managed by your organization. These are typically endpoints managed by an MDM solution that can install/manage certificates on the endpoints.
How do I configure Certificate-Based Device Validation?
You will need to do the following:
- Issue certificates for all devices that should be allowed to connect to the ScreenMeet Remote Support service.
- Install the certificates onto the allowed devices.
- Add the issuing certificate information (.pem) to your organization's configuration in the ScreenMeet Agent Portal.
Issue and install certificates on managed devices
This is typically done by your IT Administrator.
Decide on an Issuer Common Name to use for the certificate
This is the name that will be:
- specified in the issuing certificate (pem)
- encoded in the certificate (p7b) as part of the Issuer name during issuance
- configured in the ScreenMeet Portal as a filter to be used during certificate validation
Issue the device certificates for your managed devices
Using your trusted issuing certificate (pem), issue the device certificates for your managed devices. This is typically done by your IT organization.
Install the certificates on your managed devices
This is typically done by your IT organization through MDM. If doing this manually:
- Distribute the device certificates (p7b) to your managed devices.
- Open the p7b file to open the certificate container.
- Locate the actual device certificate for installation.
- Double-click on the actual device certificate.
- Click the Install Certificate... button to open the install wizard.
- Select the option for installing for the Local Machine.
- Click the Install button.
- Let the wizard automatically select which certificate store and click the Finish button.
- You should see a dialog specifying that The import was successful.
Verify that the certificate is installed on your device.
The location where your certificates are installed on your device may differ from this example. Please contact your IT Administrator to verify your certificate installations if needed.
For this functionality to work properly in escalated scenarios, the certificate needs to be installed for the local machine and NOT just for the local user.
- On your Windows device, open the certificate manager by searching for the tool Manage Computer Certificates. Opening this tool should open a window showing the Certificates - Local Computer.
- Navigate to Other People --> Certificates to see the default location where these certificates are installed.
- Confirm that your certificate is installed in the listing.
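The same check can be scripted across many devices. The PowerShell below is an added example, not ScreenMeet's own tooling: it searches every Local Machine store for certificates issued under your Issuer Common Name and warns when a match exists only for the current user. The issuer name and the function name Find-DeviceCertificate are placeholders chosen for illustration.

```powershell
# Added example. The issuer common name is a placeholder, not a value from this page.
$IssuerCommonName = 'Example Device Issuing CA'
$NameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

function Find-DeviceCertificate {
    param(
        [Parameter(Mandatory)] [string] $IssuerCN,
        [Parameter(Mandatory)] [ValidateSet('LocalMachine', 'CurrentUser')] [string] $Scope
    )
    $now = Get-Date
    # Search every store in the scope: the install wizard picks the store automatically,
    # so the certificate is not guaranteed to be under "Other People".
    Get-ChildItem -Path "Cert:\$Scope" -Recurse |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        Where-Object {
            # Case-insensitive match on the issuer's simple name (normally its CN); skip
            # self-issued certificates so the issuing certificate itself is not reported.
            $_.GetNameInfo($NameType, $true) -eq $IssuerCN -and $_.Subject -ne $_.Issuer
        } |
        ForEach-Object {
            [pscustomobject]@{
                Scope      = $Scope
                # The provider shows the "Other People" store as AddressBook.
                Store      = ($_.PSParentPath -split '\\')[-1]
                Subject    = $_.Subject
                NotAfter   = $_.NotAfter
                InValidity = ($_.NotBefore -le $now -and $_.NotAfter -ge $now)
                Thumbprint = $_.Thumbprint
            }
        }
}

$machine = @(Find-DeviceCertificate -IssuerCN $IssuerCommonName -Scope LocalMachine)
$user    = @(Find-DeviceCertificate -IssuerCN $IssuerCommonName -Scope CurrentUser)

if ($machine.Count -gt 0) {
    $machine | Format-Table Store, Subject, NotAfter, InValidity, Thumbprint -AutoSize
    if (-not ($machine | Where-Object { $_.InValidity })) {
        Write-Warning 'Matching machine certificates exist, but none is inside its validity period.'
    }
} elseif ($user.Count -gt 0) {
    Write-Warning 'Found only in the current user stores; reinstall for the Local Machine.'
    $user | Format-Table Store, Subject, NotAfter, Thumbprint -AutoSize
} else {
    Write-Warning "No certificate issued by '$IssuerCommonName' found on this device."
}
```

This only confirms what is present in the local certificate stores; it does not reproduce the validation the ScreenMeet service performs.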
Enable this feature in the ScreenMeet Agent Portal
This is typically done by your ScreenMeet administrator.
- Navigate to the Organization --> Settings and Policies --> Device Validation section of the ScreenMeet Portal.
- Enable the Device Validation Enabled toggle.
- Paste the issuing certificate contents into the Issuing certificate 1 - PEM Format field.
- Click the Save button to save your configuration.
Error Codes
If validation fails during a connection from a managed device, the end-user will receive one of the following error codes:
Code | Meaning |
---|---|
4043 | The device certificate was not properly installed. A fitting certificate was not found on the device. |
4044 | The certificate is either malformed or invalid. |