How to set HTTPS for WebFig

rcampbell · July 23, 2014, 9:07pm

How do you set the WebFig interface to use https (443) instead of port 80?

jacekes · July 24, 2014, 8:30am

I guess you need to enable https in /ip services and disable http.
This will affect all web-based interfaces.

Rudios · July 24, 2014, 9:52am

I guess you also have to insert some kind of certificate.

jacekes · July 24, 2014, 10:42am

Yes, but it can be a self-signed cetificate, and as far as I remember it can be generated directly on the RB.
I don’t have access to any of my RB right now, so I’m bot able to test it.

rextended · July 24, 2014, 11:45am

Use search function on the forum…

http://forum.mikrotik.com/t/https-problem-on-hotspot/74093/6

jacekes · July 24, 2014, 12:19pm

Me? What for? It’s on the wiki I guess and rcampbell can check it by himself.

rextended · July 24, 2014, 1:05pm

Sorry, the mesasge is for rcampbell

rcampbell · July 25, 2014, 10:12pm

Thanks for the help guys.

I had previously searched both the forums and the Wiki and didn’t get a clear answer without dropping to command line. Hopefuly other people that are new to RouterOS will find this useful.

First off there seems to be a bug in WebFig so I had to use WinBox.
The bug can be found here - WebFig - System - Certificates - [Select your certificate] - Sign. The sign button doesn’t work in WebFig (I tried Chrome, IE 11 in Normal and Compatibility Mode) so I used WinBox. Everything else can be done in WebFig except the ‘Sign’ button.

Step 1. Create a Certificate
-System - Certificates - ‘+’
-Create a name ‘ssl-web-management’ or whatever you like
-Country = US (or the two letter country code you want)
-Thats all we need for the self signed cert
-Click ‘Sign’
-Click ‘Sign’ again on the popup dialog (you can leave CA as unknown)
-Click OK
The certificate should now be created and trusted.

Step 2. Enable Port 443 for management and assign the cert
-IP - Services
-Double click on ‘www-ssl 443’
-On the pop up dialog select the certificate you created
-Click ‘Enable’ to enable 443 web management
-Click ‘OK’

You should be able to browse to WebFig on port 443 now.

MikroTikFan · October 3, 2014, 4:56pm

I Did that all steps but didn’t disable 80 port.
After that all I just tried to go to https:/192.168.1.1 (router) but I got

Kod błędu: ERR_SSL_VERSION_OR_CIPHER_MISMATCH

What key usage must be set?

I have set on:

-digital signature
-key encipherment
-ctrl sign
-data encipherment
-key cert. sign
-tls server

what option s required for https, anything else should be set ?

should I add anything to firewall ?

webfig on port 80 is still working properly.

clubs · January 10, 2015, 7:19am

Thank you @rcampbell for pointing out that thing with broken “sign” button!

It’s like 6 months after your post and it’s still not fixed. I’m new to MikroTik and that’s not the fist impression I was hoping for.