Step 5: Set the Base Security Settings
Before deploying your Solstice Pods, certain security baselines should be configured to harden the security of your deployment. The following are the base security settings that Mersive recommends configuring. These basic security settings can apply to any organization that operates in a security-conscious environment, especially for larger, centrally-managed deployments.
How To

To protect Solstice Pod configurations, you can set an admin password for each Pod that may be required to add Pods to Solstice Dashboard management and to make Pod configuration changes through USB-based local config, browser-based web config, and the configuration API. The admin password is also required to retrieve usage logs from Solstice Pods or to perform a factory reset.
Mersive strongly recommends setting the same administrator password for all your Solstice displays.
- In Solstice Dashboard, select all your displays from the list of Your Solstice Instances.
- Go to the Security tab.
- If you wish to enforce password validation rules (8-character minimum, one uppercase and one lowercase character, one number or special character), select the Enforce password validation rules option.
- In the Admin Password field, enter in the password you wish to use for the selected displays, or remove the password entirely .
- Click Apply.

When the screen key is enabled, in-room users will be required to enter the four-digit code that appears on the Solstice display before they are able to connect.
- In Solstice Dashboard, select your displays from the list of Your Solstice Instances.
- Go to the Security tab and scroll to the Access Control settings.
- Check Screen key enabled to require the entry of the screen key to connect to a display. A pop-up warning may appear.
- If you agree with the requirements of the warning, click Yes, enable Screen Key.
- Click Apply.

Moderator Mode allows a user to make a session moderated, meaning they can approve or deny subsequent requests for users to join the session or post content to the display. Moderator mode is enabled by default.
- In Solstice Dashboard, select your displays from the list of Your Solstice Instances.
- Go to the Security tab.
- In the Access Control section, uncheck Moderator approval disabled.
- Click Apply.

This setting allows Solstice network traffic between a Solstice display and Solstice user apps to be encrypted using a standard RSA/SHA cipher with a 2048-bit private key. This also includes network traffic related to configuration via either the Solstice Dashboard, the display’s web-based configuration (if enabled), or Solstice Cloud management. When this option is enabled, Dashboard will also send Solstice Local Release updates via port 443.
By default, Solstice display servers are loaded with a self-signed CA certificate from Mersive that is used when a display receives HTTPS connections. However, you may also upload a custom CA certificate bundle to be used instead. Note that the display will always use the CA certificate for HTTPS traffic, even when Solstice client-server encryption is disabled. For more information about certificate management in Solstice, see
A known issue exists in Solstice 5.5 where loading a custom PFX (.p12) certificate to encrypt Solstice client/server traffic causes a fatal boot loop. Installing a custom .p12 certificate should be avoided for Solstice Pods running version 5.5; however, PEM certificates can still be used. Mersive is working to fix this issue in following versions.
- In Solstice Dashboard, select a Solstice display from the list of Your Solstice Instances.
- Go to the Security tab.
- In the Encryption section, select Encrypt Client/Server Communications to encrypt communication between the Solstice Pod or Solstice Windows Display and user devices.
- If you wish to upload a custom CA certificate bundle to be used instead of the Solstice display's default self-signed certificate for external HTTPS connections, check Use Custom CA Certificate Bundle for External Communications and Browse to select the PFX certificate file.
- Click Apply.
Next Step