Configuring the Web Server

MetaDefender Kiosk's Management Console relies on a REST interface which runs on HTTP by default. The following can be used to further configure the REST server to harden the system.

Changing the default port

1. From the management console navigate to the Security page (Administrator role is required to view this setting).

2. In Listen > Port, change the value to any port that is valid and click apply

Setting up HTTPS

By default, communication with the Management Console is not encrypted. If HTTPS is enabled, the server can enforce secure connections between client and server on an SSL channel.

Prerequisites

• Kiosk version must be greater than or equal to 4.4.5
• Must have a certificate on the kiosk system
• If the private key is encrypted you must create a file that contains the passphrase on the system
• Note down the file paths for the certificate, private key, and or passphrase file

How to create a self signed certificate (optional)

• Using a linux terminal
  • With Passphrase

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem

Create your passphrase file and enter your passphrase into it

- Without Passphrase

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes

• Using git bash
  • With Passphrase

winpty openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem

Create your passphrase file and enter your passphrase into it

- Without Passphrase

winpty openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes

Add your certificate to kiosk

1. After completing the prerequisites you should have a certificate, and private key on the kiosk
2. From the management console navigate to the Security page

3. Click

4. Click

5. Fill the required input fields and click

Kiosk will validate these fields and display an error at the top of the screen if an issue is detected. e.g.

6. Once the Certificate is added successfully click

Enabling HTTPS

1. From the management console navigate to the Security page

2. Click Enable HTTPS checkbox to select HTTPS
3. Select the preferred certificate
4. Choose the preferred TLS settings. (if no options are selected then Kiosk will fall back to default TLS settings)
5. Click

6. The Kiosk will restart its internal components and apply the changes selected.

This process can take approximately one minute to complete

7. Once the Kiosk services have restarted a new tab should open that directs to the Kiosk page

If the tab does not automatically open then click the hyperlink on the results page to open the new tab.