I have setup a hotspot service using the Mikrotik Router as a service controler and an external access point. the user experience i was expecting is:
the user associate with tu SSID broadcasted by the AP
the user open a browser and tries to get to internet by entering a URL
the user is redirected to the login page hosted in Mikrotik
the user enters his login/pwd and is authenticated against a radius server
the issue i have is:
in step 2, if users enter an http url then everything works fine. However, in case they enter an https URL then they get a browser error saying: “the connection was reset, the connection to the server was reset while the page was loading…”.
as far as i know, in case of SSL issue we get a warning from the browser saying “this site is not trusted…if you want to continue click OK” so i was wondering if installing an SSL certificate will solve the issue.
But everytime the device than connect to hotspot complain about unsigned - untrusted certificates, displayng warning messages, because your own cert, are not autorized by root certificates…
I’m facing same issue, I bought the Godaddy SSL Cert still get the warning page, which SSL Cert can support Mikrotik Hotspot to avoid the warning page?
For my experience in MikroTik hotspot service, not all SSL certificates works fine. it depends of the Certificate Authoroty. There ara Level 1 to Level 3 or more.
CA Level 1 (wellknown companies such as verysign, GeoTrust…) certificates are in almost all user devices. There is CA certificate and your own signed certificate.
In a CA level 3, you have to upload to mikrotik the CA Level and CA level 2 certificate and you own signed certificate. This process are a little mess for the user devices.
CA level 1 is expensive and CA level 3 is cheaper.
Briefly, this is the reason: how well-known your Ca is.
In my case, I have the default login.html of Mikrotik.
If the customers navigate to any https web (google for example) , the Mikrotik not redirecto to login.html, but if the customer navigate to any http, the Mikrotik redirect to login page.
Why to put a certificate https? that domain? I have not a domain.
But if type https://www.google.com or type “blabla” in the address browser (IE, Firefox, Chrome), the browser show a error, with messages of hackers and warnings because the certification is not correct.
It resolves google.com into an IP. Lets say it’s 203.0.113.57.
The browser connect to TCP port 443 on 203.0.113.57.
The RouterOS system redirect this connection to its Hotspot system.
Browser and Hotspot are doing the SSL handshake. This includes that the hostspot is sending its certificate.
The browser sill “thinks” it connects to google.com. But as the browser has received a certificate which is for your hotspot and NOT for google.com it shows a warning.
OK! you mentioned that you are entering the url but redirected to the login page i don’t know whether you have entered many url to identify the exact problem. Also when entering url it shows ‘the connection was reset’ so You may do DNS look up to know the consumption of packet data after you find the same error then check with your internet service provider through the website http://www.whoisxy.com/ where i checked previously.
