Hi,
I have some installations runing with differents mikrotiks RB951 and RB2011 and hotspot.

Hotspot Works with SSL certificats and a redirect page to http://login.yyyy.com.
Hotspot DSN Name is hotspot.yyyy.com and i have installed into mikrotik hotspot.yyyy.com certificates from an oficial
certified company. (crt and chains)
login.yyyy.com has as well SSL certificates from an oficial certified company, as you can see I redirect
from mikrotik to http://login.yyyy.com (less SSL warnings).

The problema is that with old deveces (most of the times) and with new devices (some times) when starts
de captive portal a warning SSL message apears telling that you are opening login.yyyy.com with hotspot.yyyy.com
certified that is not the same page.

It seems that because is not internet untill the user registers with username and pasword de ssl certificate can't
be verified.

I have add to walled garden (providers of my SSL):
*.comodoca.com
*.positivessl.com
*.usertrust.com

and (other provider)
*.verisign.com

But still with this warnings.


Te big problema is that when a ssl apears then the hotspot gets like bloqued and doesn't work properly.

Any help ?

Thank's.
Oscar.

When you intercept a https page, the browser will definitely show an SSL warning because the page you want to go is different on the login page. This is how https is designed to prevent man-in-the-middle attacks.
You can't have a workaround in this behavior.

Yes, with the captive portal when i intercept a page i know that is a security warning.....
But I mean with a normal navigation, redirect from mikrotik dns (hotspot.yyyy.com) to login.yyyy.com and then link to a other page
should not apear this warning. I tryed doing it with internet connection and never gets this warning ... So I am afraid that is something arround
garden or NAT or firewall I don't really know .....

Thank's.
Oscar.