Certificate-Based Device Validation (Windows-only)
  • 05 Aug 2024

What is Certificate-Based Device Validation?

This is an enhanced security feature built into our ScreenMeet Remote Support Client for Windows. When enabled, this feature will cause the service to reject any incoming requests from endpoints without the appropriate certificate installed, thus preventing any unmanaged Windows clients from connecting to your organization's ScreenMeet Remote Support services.

When should you use Certificate-Based Device Validation?

Use this feature if you would like to restrict access to your ScreenMeet Remote Support service to specific Windows endpoints that are managed by your organization. These are typically endpoints managed by an MDM solution that can install and manage certificates on them.

How do I configure Certificate-Based Device Validation?

You will need to do the following:

  • Issue certificates for all devices that should be allowed to connect to the ScreenMeet Remote Support service.
  • Install the certificates onto the allowed devices.
  • Add the issuing certificate information (.pem) to your organization's configuration in the ScreenMeet Agent Portal.

Issue and install certificates on managed devices

This is typically done by your IT Administrator.

Decide on an Issuer Common Name to use for the certificate

This is the name that will be:

  • specified in the issuing certificate (pem)
  • encoded in the certificate (p7b) as part of the Issuer name during issuance
  • configured in the ScreenMeet Portal as a filter to be used during certificate validation

Issue the device certificates for your managed devices

Using your trusted issuing certificate (pem), issue the device certificates for your managed devices. This is typically done by your IT organization. 

Install the certificates on your managed devices

This is typically done by your IT organization through MDM. If doing this manually:

  1. Distribute the device certificates (p7b) to your managed devices.
  2. Open the p7b file to open the certificate container.
  3. Locate the actual device certificate for installation.
  4. Double-click on the actual device certificate.
  5. Click the Install Certificate... button to open the install wizard.
  6. Select the option for installing for the Local Machine.
  7. Click the Install button.
  8. Let the wizard automatically select the certificate store, then click the Finish button.
  9. You should see a dialog specifying that The import was successful.

Verify that the certificate is installed on your device.

Note

The location where your certificates are installed on your device may differ from this example. Please contact your IT Administrator to verify your certificate installations if needed.

For this functionality to work properly in escalated scenarios, the certificate needs to be installed for the local machine and NOT just for the local user. 

  1. On your Windows device, open the certificate manager by searching for the tool Manage Computer Certificates. Opening this tool should open a window showing the Certificates - Local Computer.
  2. Navigate to Other People --> Certificates to see the default location where these certificates are installed.
  3. Confirm that your certificate is installed in the listing.
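
The same check can be scripted across many devices. The PowerShell below is an added example, not ScreenMeet's code: it lists certificates whose issuer common name matches the one you chose and reports whether each sits in a Local Machine or a Current User store. The default issuer name is a placeholder, and the script does not reproduce the client's own validation logic.

```powershell
using namespace System.Security.Cryptography.X509Certificates
# Added example (not ScreenMeet code). The default issuer name is a placeholder:
# pass the Issuer Common Name chosen for your issuing certificate.
param([string]$IssuerCommonName = 'Example Device Issuing CA')

function Find-DeviceCertificate {
    param([string]$IssuerCN)
    $now = Get-Date
    foreach ($location in 'LocalMachine', 'CurrentUser') {
        # -Recurse walks every store, including AddressBook ("Other People" in the GUI).
        # SimpleName with forIssuer = $true yields the issuer's CN when one is present.
        # The Subject/Issuer comparison skips a self-signed issuing certificate.
        Get-ChildItem -Path "Cert:\$location" -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_ -is [X509Certificate2] } |
            Where-Object { $_.GetNameInfo([X509NameType]::SimpleName, $true) -eq $IssuerCN } |
            Where-Object { $_.Subject -ne $_.Issuer } |
            ForEach-Object {
                [pscustomobject]@{
                    Location   = $location
                    Store      = ($_.PSParentPath -split '\\')[-1]
                    Subject    = $_.Subject
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                    InValidity = ($now -ge $_.NotBefore -and $now -le $_.NotAfter)
                }
            }
    }
}

$found = @(Find-DeviceCertificate -IssuerCN $IssuerCommonName)
$found | Format-Table -AutoSize

# Only an in-date certificate in a Local Machine store counts as usable here.
$usable = @($found | Where-Object { $_.Location -eq 'LocalMachine' -and $_.InValidity })
if ($usable.Count -eq 0) {
    Write-Warning "No in-date certificate issued by '$IssuerCommonName' in any Local Machine store."
    if ($found | Where-Object { $_.Location -eq 'CurrentUser' }) {
        Write-Warning 'A match exists under Current User; install it for the Local Machine instead.'
    }
    exit 1
}
Write-Output "Found $($usable.Count) in-date Local Machine certificate(s) from '$IssuerCommonName'."
```

Saved as a .ps1 file and run with -IssuerCommonName, the script exits non-zero when no usable certificate is found, so an MDM compliance check can act on the result.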

Enable this feature in the ScreenMeet Agent Portal

This is typically done by your ScreenMeet administrator.

  1. Navigate to the Organization --> Settings and Policies --> Device Validation section of the ScreenMeet Portal.

  2. Enable the Device Validation Enabled toggle.

  3. Paste the issuing certificate contents into the Issuing certificate 1 - PEM Format field.

  4. Click the Save button to save your configuration.

Error Codes

If validation fails during a connection from a managed device, the end-user will receive one of the following error codes:

| Code | Meaning |
|------|---------|
| 4043 | The device certificate was not properly installed. A fitting certificate was not found on the device. |
| 4044 | The certificate is either malformed or invalid. |




