Skip to content
  • There are no suggestions because the search field is empty.

Kiosk Deployment 

This article outlines each deployment option and the additional configuration required when deploying the Kiosk application.

Overview

Bepoz Kiosk can be deployed using one of two supported application types depending on your hardware and operating system:

  • Windows based Kiosk application

  • Android based Kiosk application

This article outlines each deployment option and the additional configuration required when deploying the Kiosk application.

Supported Deployment Methods

Option 1: Android Kiosk Application (APK)

The Android deployment uses a dedicated APK installed on supported Android kiosk hardware. Due to requirements of the Android OS, it must be configured to use HTTPS otherwise images will not be served correctly. We still need to create SSL IP Bindings to support running the Android Kiosk in HTTPS mode. (Steps Below)

Key Notes

  • The APK is installed directly onto the device

  • The kiosk application launches in full screen mode

  • API host details are configured during setup

  • HTTPS handling is managed by the Android operating system

Android deployment is typically preferred for dedicated kiosk hardware running Android OS.

Option 2: Windows Kiosk Application (EXE)

The Windows Kiosk application is designed to run on Windows based kiosk hardware. It launches the Bepoz Kiosk interface and connects directly to your configured API host.

When deploying the Windows application, there are two supported approaches depending on whether HTTPS is enabled.

Windows Deployment without HTTPS

If HTTPS is not enabled, the Windows Kiosk application must be launched with a command line argument to ignore HTTPS related validation.

This is required to allow the kiosk to connect to an API host using HTTP.

Command Line Argument Example

 
 
spm-win.exe http-image-url=http://192.168.20.30:9000

Important Notes

  • Replace the IP address and port with your own API host details

  • This argument must be applied each time the application is launched

  • This approach is suitable for internal networks where HTTPS is not required

Windows Deployment with HTTPS Enabled

If HTTPS is enabled, the Windows Kiosk application will communicate securely with the API host over HTTPS.

Requirements

  • A self signed SSL certificate

  • IP and port binding configured on the kiosk device (further details below)

  • HTTPS enabled for the API host

Configuration Notes

  • The SSL certificate must be trusted by the Windows device running the kiosk

  • The IP address and port used by the API host must be bound to the certificate

  • A PowerShell script is provided to assist with generating and binding the self signed certificate

This approach is recommended for environments where HTTPS is required for internal security or compliance reasons.

Running the PowerShell Script to Create SSL IP Bindings

When deploying the Kiosk application with HTTPS enabled, a PowerShell script is provided to assist with creating a self signed SSL certificate and binding it to a specific IP address and port.

 

Prerequisites

  • Administrative access to the Windows device

  • The PowerShell script file available on the device

  • The IP address and port number confirmed for the API host

Allowing PowerShell Script Execution

If script execution is restricted on the device, run the following command once to allow locally created scripts to run:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

 

You may be prompted to confirm the change.

Running the SSL Binding Script

Running the binding script is required for Kiosk deployment on Android devices, it must be executed on the Windows PC/server which runs the API Host.

  1. Open PowerShell as Administrator

  2. Navigate to the directory containing the script: cd C:\Path\To\Your\Script

  3. Run the script: .\Create-SslBinding.ps1 

The script will then prompt you to enter the relevant IP address and ports.

Verifying the Binding

Once the script has completed, you can confirm the SSL binding was created successfully by running:

netsh http show sslcert
 
 
Ensure the correct IP address and port are listed.

Notes

  • The script generates and binds a self signed certificate

  • The certificate is stored in the local machine certificate store

  • The binding is applied immediately and does not require a reboot

Confirming Existing SSL Certificate Bindings (Windows)

When deploying the Kiosk application with HTTPS enabled, it may be useful to confirm whether SSL certificates are already configured and bound to specific IP addresses and ports on the device.

Windows provides a built-in command line tool called netsh that allows you to view existing SSL certificate bindings.

Viewing Current SSL Certificate Bindings

  1. Open Command Prompt as Administrator

  2. Run the following command: netsh http show sslcert

What This Command Shows

This command will display:

  • IP address and port combinations currently bound to SSL certificates

  • Certificate thumbprints

  • Certificate store location

  • Application IDs associated with each binding

Example Output Fields Explained

  • IP:port
    The network endpoint using HTTPS

  • Certificate Hash
    The thumbprint of the SSL certificate in use

  • Certificate Store Name
    Typically MY for the local machine certificate store

  • Application ID
    Identifies the application that created the binding

When to Use This

  • Verifying that a self signed certificate is already configured

  • Confirming the correct IP and port are bound before deploying the kiosk

  • Troubleshooting HTTPS connection issues with the Windows Kiosk application

If no bindings are listed, an SSL certificate has not yet been configured for HTTPS on the device.

Removing an Existing SSL Certificate Binding

In some scenarios, you may need to remove an existing SSL certificate binding. This is commonly required when:

  • Replacing an expired or incorrect certificate

  • Rebinding HTTPS to a different IP address or port

  • Cleaning up old test or legacy configurations

Removing an SSL Certificate Binding

  1. Open Command Prompt as Administrator

  2. Run the following command, replacing the IP address and port as required:

netsh http delete sslcert ipport=192.168.20.30:9000
 

Important Notes

  • The ip:port value must exactly match an existing binding

  • If the IP address or port is incorrect, the command will fail

  • Removing a binding does not delete the certificate from the Windows certificate store, it only removes the HTTPS binding

When to Use This

  • HTTPS is failing due to an incorrect certificate binding

  • A self signed certificate needs to be regenerated and re-bound

  • The kiosk device has multiple outdated bindings configured

After removing the binding, you can re-create the correct SSL configuration using the provided PowerShell script.