Troubleshooting for Certificate Validation Failure

    How to Check for Certificates in the Windows Store

    • Certificate validation ensures the server’s authenticity during remote sessions.
    • Verify that your remote customer’s PC has updated certificates in the Windows Store.
    • If the certificate is missing, export it from the target server and manually install it in the device’s certificate store.

    How to Export the Required Certificate from the Domain

    Follow these steps to export the certificate:

    1. Open a web browser and navigate to https://gateway.zohoassist.com.
    2. Click the lock icon in the address bar.
      Browser lock icon
    3. Select Connection is secure, then click Certificate is valid or the Certificate icon (based on your browser).
      Certificate details
    4. In the Details tab, view the certificate chain and select the topmost (parent) certificate.
    5. Click Export to download the certificate.
      Export certificate
    6. Choose a directory to save the certificate to your device.
      Save exported certificate

    How to Install the Exported Certificate

    1. Navigate to the folder where the certificate was saved.
    2. Double-click the certificate file to open it.
    3. Click Install Certificate in the details window.
      Install certificate option
    4. Select Local Machine as the store location and click Next.
      Select local machine for certificate store
    5. Complete the wizard and click Finish.
    6. Once installed successfully, a message appears: The import was successful. Click OK.
    Note: To avoid future validation issues, ensure automatic root certificate updates are enabled on the remote device.

    How to validate certificate in a firewall/proxy environment with a self-signed certificate?  

    If you are encountering certificate validation errors due to a firewall or proxy performing SSL inspection with a self-signed certificate, you must ensure that the firewall's self-signed certificate is installed and trusted on all agent machines.

    Follow the steps above to install the certificate

    1. Obtain the self-signed certificate from your firewall or proxy server administrator.

    2. Install the certificate in the Trusted Root Certificate Store on each agent machine.

    3. Restart the agent or the computer if required.

    Note: 

    Install both Zoho Assist certificates and self-signed certificate from your firewall or proxy server to ensure proper certificate validation.

    How to Enable Automatic Root Certificate Updates

    1. To enable automatic root certificate updates via Group Policy Editor:
    2. Press Win + R, type gpedit.msc, and press Enter.
    3. Navigate to:
      Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication Settings
    4. Double-click Turn off Automatic Root Certificates Update.
    5. Set it to Disabled to enable automatic updates.

    PREVIOUS

    UP NEXT