Authentication by certificate

Hello everyone,

Recently I have had the need to improve security on my hotspot and wireless network.
I researched and found several topics about authentication certificates, and so far so good.
I did all the steps and managed to get the certificate to operate with the hotspot, but what I did not know is that the certificate is used only to encrypt the connection, because after the certificate I still have to enter the user and password on the hotspot.
What I want is a generated certificate (placed on the Mikrotik and installed on the client) that already contains the user and password.

Is this possible?

Best Regards :open_mouth:

If you want to ensure the details passed between the client and the hotspot are secure you need to:

a) get yourself a security certificate from a trusted authority
b) load this onto the MikroTik and switch to using only ‘https’ mode for logins.

Let's say your hotspot domain was hotspot.example.tld.
You’d go to your security certificate provider of choice and order an SSL cert for this domain.

When you receive your certificate, you load it (along with any chain of trust certificates provided) onto the MikroTik file system, then add them to the cert list under System → Certificates, making sure that if you have a password on your certificate you enter it when loading yours.

Once this is done go back to your hotspot profile and select your certificate as the https cert to use and make sure your domain name for the hotspot matches that certificate (hotspot.example.tld).

When you have a legitimate certificate loaded, your user will hit your page via https without any complaint from their browser.
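The steps in the reply above, written out as RouterOS terminal commands. This is an added example, not part of the original post: the file names, the passphrase placeholder, the imported certificate name `hotspot.example.tld.crt_0` and the profile name `hsprof1` are assumptions, so substitute the values from your own router.

```routeros
# Assumed file names; upload them to the router first (Files menu, SFTP or FTP).
# Import the server certificate, then its private key, then the CA chain.
/certificate import file-name=hotspot.example.tld.crt passphrase=""
/certificate import file-name=hotspot.example.tld.key passphrase="<key-passphrase-placeholder>"
/certificate import file-name=ca-chain.crt passphrase=""

# Confirm the server certificate now carries the K (private key) flag
# and note the name RouterOS assigned to it.
/certificate print

# Point the hotspot profile at the certificate, make the hotspot DNS name
# match the name in the certificate, and allow only the HTTPS login method.
# "hsprof1" and the certificate name are assumed; use the names shown by
# "/ip hotspot profile print" and "/certificate print".
/ip hotspot profile set [find name=hsprof1] \
    dns-name=hotspot.example.tld \
    ssl-certificate=hotspot.example.tld.crt_0 \
    login-by=https

# Verify the result.
/ip hotspot profile print detail where name=hsprof1
```

With `login-by=https` as the only method, the login form is served and submitted over TLS only; users still type a username and password, the certificate just protects them in transit.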

Thanks for your reply.

What you said is not what I really want. I want the certificate to authenticate the user without the user entering a username and password.
I want the certificate to do everything.

I don’t know if MikroTik does it, but if it does, I would really like to know how I can do it.

Is each user going to have a different login? If not, just set the username and password in the HTML form to the login. If you want a different login for each user, incorporate the MAC address of the machine as part of the username or password and pass that into the form in login.html.

That is the best I can think of for what it sounds like you are trying to do.

Ok, I understand what you are suggesting.
I’ve noticed that a certificate may not be the most suitable.
A friend told me about a method by which I can create an authentication method similar to authentication on a domain, e.g. user, password and MAC (but such that cloning does not interfere with MAC authentication).
I wanted the Mikrotik to identify authentication by user, and for that user to have some hits, like in Active Directory.

:smiley:

If you wanted, you could allow users to connect using PPPoE authentication, which allows them to set up a saved username and password on their computer or router to authenticate. While this doesn’t require loading a certificate as such, it is a common method of connecting that should be supported on all recent operating systems.

Sorry that I misunderstood your first post :slight_smile: