Certificate-Based Device Validation (Windows-only)

This article provides information on using certificates to ensure only approved Windows devices can connect to ScreenMeet Remote Support.

What is Certificate-Based Device Validation?

This is an enhanced security feature built into our ScreenMeet Remote Support Client for Windows. When enabled, this feature will cause the service to reject any incoming requests from endpoints without the appropriate certificate installed, thus preventing any unmanaged Windows clients from connecting to your organization's ScreenMeet Remote Support services.

When should you use Certificate-Based Device Validation?

If you would like to restrict access to your ScreenMeet Remote Support service to specific Windows endpoints that are managed by your organization. These are typically endpoints managed by an MDM solution that can install/manage certificates on the endpoints.

How to configure Certificate-Based Device Validation

1. Issue and install certificates on managed devices that should be allowed to connect to the ScreenMeet Remote Support service (This is typically done by your IT Administrator)

2. Decide on a Issuer Common Name to use for the certificate. This is the name that will be:

   • specified in the issuing certificate (pem)

   • encoded in the certificate (p7b) as part of the Issuer name during issuance

   • configured in the ScreenMeet Portal as a filter to be used during certificate validation

3. Issue the device certificates for your managed devices

   • Using your trusted issuing certificate (pem), issue the device certificates for your managed devices. This is typically done by your IT organization

Install the certificates on your managed devices

This is typically done by your IT organization through an MDM tool. If doing this manually, follow the steps below:

1. Distribute the device certificates (p7b) to your managed devices

2. Open the p7b file to open the certificate container

3. Locate the actual device certificate for installation

4. Double-click on the actual device certificate

5. Click the Install Certificate... button to open the install wizard

6. Select the option for installing for the Local Machine

7. Click the Install button

8. Let the wizard automatically select which certificate store and click the Finish button

9. You should see a dialog specifying that The import was successful

Verify the certificate is installed on your device

1. On your Windows device, open the certificate manager by searching for the tool Manage Computer Certificates, opening this tool should open a window showing the Certificates - Local Computer

2. Navigate to Other People --> Certificates to see the default location where these certificates are installed

3. Confirm that your certificate is installed in the listing

Enable this feature this in the ScreenMeet Portal

1. Login to console.screenmeet.com as an administrator

2. Navigate to  Organization --> Settings and Policies --> Device Validation
    
   
   

3. Enable the Device Validation Enabled toggle
    
   

4. Enter the Common Name Filter you have selected

5. Paste the issuing certificate contents into the Issuing certificate 1 - PEM Format field
    
   
   

6. Click the Save button to save your configuration
    

Error Codes

If validation fails during a connection from a managed device, the end-user will receive one of the following error codes: