If you have Mikrotik hotspot enabled on your router, one of the issues you would have experienced is that https sites are not redirected to the hotspot page for authentication. If this is a problem you are facing, this post explains everything you need to have it resolved.
When we enable hotspot, we want users to be connected to our wireless network and afterwards, get redirected to a login page for authentication, before proceeding to their desired internet destination. With the default setting of Mikrotik hotspot, only http sites are redirected. Users of https sites simply get error messages.
A few years ago this was not an issue since almost every website was on http. With most websites now moved to https, this has become an issue.
To resolve this issue, you need to get a signed certificate from a certificate authority or simply create one for yourself! Luckily, the Mikrotik routeros has a feature that allows us to do that. So, we will create our own self-singed certificate for use in our hotspot to redirect https users.
How to create a self-signed ssl certificate on a Mikrotik router
Simple open the new terminal window and paste the belows commands
/certificate add name=ca-template common-name=myCa key-usage=key-cert-sign,crl-sign sign ca-template name=myCa add name=Hotspot-template common-name=Hotspot sign Hotspot-template ca=myCa name=Hotspot set [find name=Hotspot] trusted=yes
If you have your hotspot already configured, proceed to the next step, else, click here to see how to configure hotspot on a Mikrotik router.
In hotspot server profile, double-click on your hotspot and make sure to check the box beside https. Click on the arrow beside ssl certificate and select the certificate you created earlier. See image below.
Next, enable www-ssl service on the router. To do this, go to IP>services, enable www-ssl and select your certificate (same certificate selected in the image above). See steps in the image below.
That’s all you need to do. However, sites like Facebook, Google, and YouTube will not redirect. These sites will not prompt users to proceed. Aside from this sites, almost every other https sites will warn users but will provide a link for them to proceed to the login page.
If you enjoyed this tutorial please subscribe to this blog to receive my posts via email. Also subscibe to my YouTube channel, like my Facebook page and follow me on Twitter.
You will need to create a self-signed certificate that will be used for the hotspot login.If you want a login page without the warning sign, you need to get a signed certificate from a Certificate Authority.