Certificate Validation on Devices

Certificate-Based Device Validation (Windows-only)

Introduction

Certificate-Based Device Validation restricts ScreenMeet Remote Support access to managed Windows endpoints. When enabled, the client rejects incoming requests from endpoints that do not present an approved device certificate.

When to use

• You need to allow connections only from organization-managed Windows devices.

• Your devices are managed by an MDM that can issue and deploy certificates.

Prerequisites

• A trusted issuing certificate (PEM) used to sign device certificates.

• Ability to deploy device certificates (P7B) to Windows endpoints.

• Administrator access to the ScreenMeet Portal.

Workflow

1. Issue device certificates for managed endpoints using your issuing PEM.

2. Install the device certificates on Windows devices.

3. In the ScreenMeet Portal, add the issuing certificate (PEM) and enable validation.

4. Save configuration and test from a managed device.

Local Machine scope required

For escalated scenarios to function, install the device certificate for the Local Computer scope, not just the current user.

Issuing and installing device certificates

1. Choose Issuer Common Name (CN): Define the CN used in the issuing PEM and encoded in the device P7B. Use the same CN when configuring the Portal filter.

2. Issue device certificates: Using your trusted issuing PEM, issue certificates for all managed Windows devices.

3. Install on endpoints:        

   1. Distribute the device certificate (P7B) to each device.

   2. Open the P7B container and locate the device certificate.

   3. Double‑click the device certificate, select Install Certificate….

   4. Select Local Machine as the store location.

   5. Let the wizard select the store automatically and finish.

   6. Confirm the message indicating the import was successful.

Verify certificate installation on Windows

1. Open Manage Computer Certificates on the device.

2. Navigate to Certificates > Other People > Certificates (default location for this workflow).

3. Confirm the device certificate is present.

Configure in ScreenMeet Portal

1. Go to ScreenMeet Portal with an administrator account.

2. Navigate to Organization > Settings and Policies > Device Validation.

3. Enable Device Validation Enabled.

4. Paste the issuing certificate contents into Issuing certificate 1 - PEM Format.

5. Click Save.

Connection behavior and error codes

If a managed device fails validation, the end user will receive one of the following codes:

Troubleshooting

• Confirm the device certificate is installed for Local Machine, not the current user.

• Verify the device certificate was issued by the same PEM you configured in the Portal.

• Ensure the Issuer CN used during issuance matches what your organization expects.

• Re‑import the certificate if the wizard reported errors or if code 4044 appears.

Notes

• This feature is for Windows endpoints only.

• Typical deployments use MDM tooling to install and manage certificates.

References

• ScreenMeet Portal

Conclusion

After enabling validation and deploying certificates, test from a managed device to confirm successful connection. Remediate any devices reporting error codes by reinstalling or reissuing certificates as needed.