feature request - https for webui

Dear MikroTik team,

I recently bought a MikroTik CRS317-1G-16S+RM and I am very happy with the device. Because Router OS was a little overwhelming I switched to SwOS, which is great. The only thing I am missing is https for the webui. Is there a possibility that you port this feature from Router OS to Switch OS? As far as I understood, Router OS has this feature.

Thanks in advance

hansdampf :slight_smile:

Not trying to downplay your request, but: what is your use case where plain http isn’t good enough?

It is quite reasonable to want this feature. I don’t need it - my switches (and the networks) are all under my physical control. But you can’t always have this. If the switch he manages is behind a single third-party router, he already needs HTTPS.

Or a CRS and VPN - but this is RoS only, and we are talking SwOS.

Dear mkx,

thank you for your question. I am not requesting this because http isn’t good enough. Besides the fact that most browsers complain about plain authentication via http, it is because of security considerations. If a computer in my network were compromised, I want as few attack vectors as possible. All my web applications are served via https. Logins to servers are all secured via ssh. LDAP login is also secured via ldaps, and so on… So it would be great to have this feature.

Thanks for supporting my request.

Why not SSH to the unit (better than web based config)?
You could go back to RouterOS (the switch menu is there, if you need pure wire-speed config) and use Winbox or SSH for secure logging in.
RouterOS supports HTTPS too.
https://wiki.mikrotik.com/wiki/Manual:Webfig#Enabling_HTTPS

Because not all units can run RoS. The CRS can - the CSS no. I have two CSS326, and they can’t run RoS. There is a version that can - the CRS326.

The same use case where telnet isn’t good enough.

Quite simply, having any kind of credentials, or any kind of config info being passed around the network unencrypted is a non-starter. I’m a big fan of Mikrotik routers, and use them quite regularly when appropriate. But the lack of any secure method of configuration is literally the reason I have never looked at the switches outside of a lab setting. Auditors would tear me a new one for allowing that on the network, and rightfully so. I can’t even install these at car dealerships (and if any of you have done work for car dealers, you know what a low bar that is!)

No matter what features or what price point (and Mikrotik is good-to-great in both those categories, generally) no https or SSH means no sale. Sorry.

(That said, I have been very impressed with the progress made in the switching since Mikrotik released their first few dedicated switches. Those first few were pretty rough around the edges, software- and feature-wise. So great work on that part. I just don’t understand how a secure channel for any kind of configuration isn’t the default these days, much less not even an option.)


The switch already supports SSH and HTTPS on RouterOS; simply use the already included RouterOS instead of SwOS…

As has been already stated in this thread - RouterOS can NOT be used on CSS devices.

@Paternot is not the OP, and the OP does not have a CSS but a CRS317-1G-16S+RM.

No he is not the OP, but the thread is still valid. SwitchOS does not support any form of secure connectivity - AND IT SHOULD!

I would also like to have this feature in SwOS. That should be common standard nowadays.

Definitely shocking to login via HTTP basic auth. Just unboxed my CSS610 and can’t believe it. If it were opensource, the community would have already added basic TLS support to the web server because otherwise the software can’t really be taken seriously, IMO. Which is crazy because the overall product seems like such a feat of advanced programming and electrical engineering. But hey, the price is right. :mrgreen:

( Are the CPU and RAM in the CSS610 too limited to accommodate TLS termination, or similar? )


You’re just fooled by cryptography, look for Zuchongzhi 2.1 and Jiuzhang 2.0, nothing is secure now, devices 10 million times faster than traditional “supercomputers” can decrypt anything in some minutes or seconds, or less…

By this logic, you don't believe in putting locks on doors or windows because there are big enough tools in the world to defeat these common protections. So, I wonder: Does rextended lock his doors when he leaves home? Don't be a hypocrite, now...tell the truth. :laughing:

I'm well acquainted with the long history and nature of cryptanalysis, as well as the fallacy of putting a "huge padlock on a small and rickety fence." I'm not dealing with savvy targeted attackers -- especially not state-level ones with access to resources like those of your imagination -- so I'd want TLS like any reasonable person who locks their doors at night. Security in layers is good. :slight_smile: Thanks.


For starters I wouldn’t expose a simple managed switch (like CSS) to the internet at large. If one can not trust their LAN, then most (if not all) managed switches support a “management VLAN”. It’s up to the router/firewall to filter access to the management VLAN at large. And if paranoid enough, the management workstation is not hosted outside the management VLAN … and communication between the management VLAN and the rest of the universe (LANs included) is severely limited (if not outright blocked).

So if one is really paranoid, encryption is not even needed. :wink:

I have learned how to open a “standard” door or padlock from some videos on YouTube…
I have chosen not to buy any “secure” lock because… the nicer the box, the more interest goes in…
I simply do not leave anything of reasonable value inside the house when I go away…

A “simple switch” where you can’t put in any password or username is completely useless…
There is no effort to get inside a “useless” switch…

Speaking of the “digital world”, I prefer to hide the keyhole rather than to have a big padlock, and I never treat a TLS connection as a secure one, even if it reasonably is.

I understand both points above – they are logical. And it’s not worth debating every possibility of every topology in every environment (e.g., lab vs. prod) against the comfort levels of every different person.

However, I do think it’s worth pointing out that when systems are deployed professionally in the industry, there is no defensible case to be made ever that sending secrets in plain text is acceptable. You just won’t see it. The world mostly stopped using telnet and rlogin a long time ago, even in switched networks that use microsegmentation to unicast ethernet frames, because it’s just common protection against common/unsophisticated thieves. Just like locks on windows. Even if the cipher is flawed, even if the secret is stored in memory in plain text somewhere by a running process, even if the system architecture is flawed, etc (i.e., any stupid old avenue that presents a risk in overall protection of the secret), you will never hear an expert approve transmission of secrets in plain text in the 21st century, even within a mgmt VLAN. That is just not really up for discussion at this point in the game.

(I don’t know that any U.S. enterprise is running an ecommerce platform on a CSS610 in production, but the world is a pretty crazy place…so, what do I know. :slight_smile:)

Nothing is really secure, but that doesn’t mean we stop manufacturing cars with door locks just because glass windows defeat the purpose of security – it’s a common feature & expectation in this day and age, and it would be a red flag for any manufacturer to say, “Nah, we don’t believe in that…it’s pointless and everything is futile.” (Hence my original question about hardware or cost/benefit in this product line, trying to understand the actual reason from the company. Not sure if you guys are employees or owners.)


Funny advice... IMHO SwOS is much simpler and setup is faster for some use cases.

As long as there is no intruder in your network.
Yes, I’m also doing stuff like this, but it’s not good security practice anymore: look for Zero Trust.