HTTPS authentication should be used if you want to set up a more secure authentication process for your customers. That means that customers authentication process will use HTTP instead of HTTPS. This also means that it will get rid of the Insecure content messages when logging in to your network. So this is a use case solving that issue as well.

To set up your own HTTPS authentication method, you will need:

If you have neither domain nor certificate for it, feel free to contact [email protected] and we can sort things out for you.

If you decided to use your own domain, you will need to create an SSL certificate. You can use any certificate that is issued by trusted certificate authority (Cloudflare, Letsencrypt, etc.).

To have a login page pop up correctly, you need to import a new login.html file and replace the old one.

Download index.html from this location.

Upload the created login.html to your AP using upload button.

Move the login.html under hotspot folder.
​

First, you need to import SSL certificates that just got issued to you in your Mikrotik router. To do so, in Winbox, go to Files and upload your certificates there. You should upload Server, Intermediary and Root certificates to the device. They can all be uploaded as a single conjugated file as well. Most of the certificate types will work, but it is recommended to use .pem and .p12 file types.

After you've successfully transferred files over to the Mikrotik, you need to import them. You can do so by going to System->Certificates and select the Import option.

Select the file/files that contain your certificates and Import them by pressing the Import button.

If there are now 2 or 3 certificates (depending on the import method), all of them are marked as trusted and there are 2 types of certificates (1 KT and 1 LT for 2 certificates or 1 KT and 2 LT certificates for 3 certificates imported). The import is successful.

After the certificates have been successfully imported, go to IP->Hotspot->Server Profiles and select your network's hotspot (default is hsprof 1) to make changes needed for enabling HTTPS.

From here, in General->DNS Name add your domain name that the certificate is issued to.

Under Login section, make sure that both HTTP CHAP and HTTPS are enabled. Under SSL Certificate, select the Server certificate that you've imported previously. Also make sure that HTTPS redirect is turned on

Next, check IP->Hotspot->Walled Garden settings and make sure that *spotipo* is added as an entry. If it is not there, you might get insecure connection messages from your browser.

To make sure that everything is being translated correctly, we need to check on DNS settings. It is recommended to set DNS server address as one of the publicly available servers (In this example we use Google's DNS 8.8.8.8 but feel free to use any other server).

Also, under Static section, check that your domain is set up under the address that your portal is working on.

If you've done all steps successfully, it's finally time to test the configuration out.

If you have any problems, check your settings once more and feel free to reach out to us at [email protected]