At that point a proper SSL implementation hangs up and shows a warning as the Hostname of the certificate is not matching with the one which is expected. During the SSL handshake the the router is presenting it's own certificate which is obviously not issued for "" but for "". The client is not aware of this interception. The client first makes a TCP connection to google on port 443 which get intercepted. The problem is that MIKROTIK FAILS TO REDIRECT the user to the page where the certificate will be valid.
and the certificate will be valid.įURTHERMORE both Netlantique and I have already tested this and confirmed it is working (at least I have confirmed) with Internet Explorer 11 on Windows 8.1 so the problem remains in some kind of a bug on the mikrotik which prevents the redirection if another browser is in question.ĮDIT: Let me refraze the problem. You are wrong because when the client asks to open a https web site (for example Google) the mikrotik WILL INTERCEPT this attempt and redirect the user to ANOTHER page which is. When you interrupt a connection from the client to a https website you are NOT that website therefore the client will show a warning. The certificate is to prove your identity. You can't "resolve" this issue as it's how https works. I already put the certificate in www-ssl in "services" too.ĭoes someone has successfully resolved this issue with the "https" website using the "hotspot" feature ? I did this and my certificate is working good on the hotspot login page but I still get the Certificate warning if a Hotspot client has his browser set to open or any https website. My opinion is that Mikrotik OS 6.22 has some kind of a bug with all the browsers except IE and I'm very serious about it. But if I do the exact same thing with Firefox - an error shows that my certicifacate for mydomain is not valid for - which is understandable, because mikrotik hotspot system did not open that magic url: /url?facebook whatever. The truth is that I have not had For example: when I try going to Facebook web page (it is https) through Internet Explorer - mikrotik opens it's own https login page (as expected) and show no error because the certificate IS VALID. Go to IP > Services and enable Then check "HTTPS" under "Login By" I have checked firewall rules and they seem OK to me, but obviously something is wrong because many people complain for this problem. When the person tries to go to it redirects to https portal and the ssl cert Works and everything is very coolīut when the person tries to go to then the mikrotik does not redirect anywhere - the connection is just Dead! I hope this solves most of your issues so you can now help me:
import the ssl cert (I Know how to do it, but that's another topic) and try to login as guest - it will work with HTTP and your browser will redirect to. have in mind that mikrotik hotspot portal IP address can be any address, even 1.1.1.1 it does not matter!ħ.
on startssl website verify your domain through email and create a free ssl cert for Ħ.
on mikrotik edit server profile, general, and for DNS name use ĥ. create an working email address decide which FQDN will your hotspot portal use, for example: Ĥ. make sure you have a real domain, for example: Ģ. While what you say is true, there is another way: You can go to and get yourself a FREE level1 SSL certificate for your domain (whoich must exist) and use that DNS name for your mtik HS portal like this:ġ. All certification's companies require a public IP or public DNS. You can not buy a certificate to a local IP.