Manual:Hotspot HTTPS example

From MikroTik Wiki
Revision as of 11:35, 23 August 2016 by Pauls (talk | contribs) (Created page with "__TOC__ ==Hotspot HTTPs redirect== ===Summary=== In this example you will see how to use SSL certificate to enable HTTPS redirect to your Hotspot login page. It is possible...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Hotspot HTTPs redirect

Summary

In this example you will see how to use SSL certificate to enable HTTPS redirect to your Hotspot login page. It is possible to use certification authority (CA) as well as self signed certificates.

Self signed certificates

You can generate your own free self signed SSL certificate, and use it in your RouterOS. This page will show detailed steps how to generate, and import such certificates.

http://wiki.mikrotik.com/wiki/Manual:Create_Certificates

Icon-note.png

Note: By using self signed certificate, SSL redirect warnings will still be present. As part of SSL protocol, cause hotspot captive portal will be seen as Man-in-the-Middle by SSL.


Certificate authority

Hotspot HTTPs login

When you have successfully imported certificate and private key on the router, first you need to enable ssl service and add the name of the certificate in /ip service:

/ip service set www-ssl certificate=client.crt_0 disabled=no

Next step is to enable HTTPs login on your Hotspot.

/ip hotspot profile set hsprof1 login-by=https ssl-certificate=client.crt_0 


Now all HTTPs requests from unauthorised clients will be redirected to your Hotspot login page.

Icon-note.png

Note: Such HTTPS sites as google, facebook, etc that use SSL HSTS will still be showing ssl error, and will completely refuse to continue. In such case the end user should try to access different sites.



Full HTTPs Hotspot example

[ Top | Back to Content ]