HTTPS certificates on hotspots

Hi,

I have a router with four hotspots. Now I want to set up HTTPS certificates.
Questions:

  1. Do I need one hotspot DNS name for every hotspot server? E.g. hs1.mydomain.com, hs2.mydomain.com,… refer to gateway IPs.
  2. Do I need one HTTPS certificate for every hotspot server?

Thanks in advance.
v.

and I am interested in this subject
can't work hotspot on websites with https

also for some way affects my android smartphone
accessing facebook and twitter apps

if someone can guide us pls

Thanks

You only need one name. Even if there are multiple hotspot servers on different IPs, as long as each hotspot router has its own record for that name (pointing to its own IP), then you can have multiple servers on different IPs.

You need an HTTPS certificate for each name OR you could get a wildcard certificate to cover any subdomain of mydomain.com, rather than just hs.mydomain.com.

Affects them how? Certificate errors?

Just block HTTPS connections to anything but your hotspot server, using:

/ip firewall nat
add chain=pre-hotspot action=accept protocol=tcp dst-address-type=!local hotspot=!auth dst-port=443
/ip firewall filter
add chain=hs-unauth action=drop protocol=tcp dst-address-type=!local dst-port=443
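
As an added illustration (not part of the original thread), the Python sketch below checks which hotspot names a given certificate covers, using the thread's example domain. The function names and the hs1 to hs4 host names are assumptions made for the example; it applies the usual browser rule that a wildcard stands for exactly one left-most label.

```python
# Added illustration: which certificate plans cover a set of hotspot DNS names.
# All names below are constructed from the thread's example domain.

def name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against a hostname.

    A wildcard is honoured only as the whole left-most label and
    stands for exactly one non-empty label.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.com").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered(cert_names, hostnames):
    """Return the hostnames that no name in the certificate covers."""
    return [h for h in hostnames
            if not any(name_matches(c, h) for c in cert_names)]


# Plan A (the reply's suggestion): every router answers to the same name.
SHARED = ["hs.mydomain.com"]
# Plan B (the question's layout): one name per hotspot server.
PER_SERVER = [f"hs{i}.mydomain.com" for i in range(1, 5)]

SINGLE_CERT = ["hs.mydomain.com"]
WILDCARD_CERT = ["*.mydomain.com"]

if __name__ == "__main__":
    print("single cert, shared name :", uncovered(SINGLE_CERT, SHARED))
    print("single cert, per-server  :", uncovered(SINGLE_CERT, PER_SERVER))
    print("wildcard, per-server     :", uncovered(WILDCARD_CERT, PER_SERVER))
    # The wildcard does not reach the bare domain or a deeper level.
    print("wildcard, edge cases     :",
          uncovered(WILDCARD_CERT, ["mydomain.com", "login.hs1.mydomain.com"]))
```

An empty list means every name is covered, so browsers would accept the login page under that name without a name-mismatch warning.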

Let me explain better why i think i need certificate
I set up hotspot
then i open my laptop and trying to enter google.com
nothing comes
then i try to open facebook and nothing comes up
secure connection failed on laptop

and on smartphone
Connection Timeout
can't access my fb through fb app twitter and microsoft account codes generator for email

Thanks

Sounds exactly like what you should expect when not being logged in. The apps make a connection, and fail… of course.

What do you think should happen when you’re not logged in yet? A browser window popping up? That’s up to the app to decide. There’s no way for you to trick it into doing that.

give some time i will come again
with screenshots
cause i am confused
first time with mikrotik OS

Thanks

ok sry for double posting

i will try to make some analysis
in order to understand and help me if u can

Wireless Interface : Qbtcm
DHCP Server:192.168.100.0/24
Interface Qbtcm IP : 192.168.100.1
Pool:192.168.100.2-192.168.100.254 | 255 Broadcast

Router operates at bridge mode but wireless interface isn't at bridge cause hotspot complains

Hotspot Setup

Ah, I see… That’s totally unrelated to HTTPS and certificates.

Place both the DHCP and hotspot under the “bridge-local” interface, and remove the 192.168.100.1 address. That interface (by default) includes both the Ethernet and Wi-Fi interface on your router. You should only be more explicit when a setting needs to apply only on either just Ethernet or just Wi-Fi.

this DHCP is for hotspot during the Hotspot Setup Wizard
when i go to set the hotspot under bridge–>port menu i can the wireless interface which is for hotspot but now the
hotspot itself

also when i place the wireless card under bridge-local hotspot stop functioning :(

i am confused

Thanks

Move the DHCP server first. THEN move the hotspot server.

Alternatively, reset your router configuration, and start over. This time, at the setup wizard, use “bridge-local” as the interface. Once setup is complete, you’ll be disconnected from the router, but the hotspot page would become available. Once you enter the admin account, you’ll be able to connect to the router again.

i want the hotspot to be active only at wireless clients not the ethernet ones
is there any method to achieve that after setting it at bridge-local?

Thanks

In that case, you need to FIRST set up two DHCP servers. One at the Ethernet interface, and another one at the Wi-Fi interface. You may need to also remove “bridge-local” afterwards. Once that is done (i.e. Wi-Fi clients can connect and get internet without a hotspot page), you can then use the hotspot setup wizard, and point it to the Wi-Fi interface.

so my topology is

ISP Router–>Mikrotik–>SWITCH–>Users

i will remove bridge
set the dhcp servers on my own
default route to the ISP router
and the Hotspot

After that will i be able to connect to https sites or still the same
Secure_Connection_Failed error message
will appear or i need certificate?

Also the Domain Name needs to be real i am to register it or it is Hotspot Internal Settings for user easy connection?

Thanks and sorry for the noobish questions i am new to mikrotik
Thanks again

so my topology is

ISP Router–>Mikrotik–>SWITCH–>Users

Just to be clear, when I say “Ethernet”, I’m referring to your local network’s Ethernet adapters. That is, the ones from “ether2” onwards. The “ether1” Ethernet port (where your internet comes from) is completely separated, and not part of “bridge-local”. The “bridge-local” interface includes the Ethernet interfaces from “ether2” onwards, plus the Wi-Fi interface.

If you disable/remove the bridge-local interface, then you’re separating your local Ethernet ports from the Wi-Fi interface.

If you have a switch, which is connected to one of those Ethernet interfaces, and your users are connected to the switch, then your users will get the Ethernet settings. Only those connecting to the Wi-Fi will get the Wi-Fi settings.

After that will i be able to connect to https sites or still the same
Secure_Connection_Failed error message
will appear or i need certificate?

You’ll still get that message, because the connection is indeed failing, until you log in (with or without a certificate in place). Once you are logged into the hotspot, the error message will disappear, and the app would work.

Also the Domain Name needs to be real i am to register it or it is Hotspot Internal Settings for user easy connection?

For HTTP, the name can be a custom (“fake”) one that you set in “/ip dns static”. For HTTPS, in order to actually get a certificate in the first place, you need to own a real domain. But again - in your case, you don’t need a certificate, and your current issue is completely irrelevant to that.

nice didn't know about this ethernet distinguish at all
can u pls explain to me why when i write in my laptops browser
qbit.com (hotspot dns) i get the login page which i pass
also when i write qbit.com/status its shows me the IP
and why i can connect for example at nvidia.com or cnn.com and not google? :(

i will try everything u said tonight cause no time for testing and i will reply to you again
but i am curious
Thanks

Even after the login?

I’m only guessing it’s your laptop’s clock. The date and time need to be correct for HTTPS to work. If they aren’t correct and/or they keep getting reset when you shut down your laptop, then you probably need to replace your laptop’s motherboard battery. That’s not the same as “the battery” - It’s a separate one, dedicated for the clock, inside your laptop. Replacement requires disassembly of the laptop.

Laptop battery is ok
if i leave the hotspot
disable hotspot remove hotspot dhcp server,pool,specific interface address
and
add WLAN to bridge and reconnect i can go to every https site i want
like google/facebook/paypal

Also when i am in hotspot
and write
http://www.google.com
i can access it but not HTTPS one :(

the google Error is Secure_connection_Failed(or Failure)
Thanks