What's the error you're getting? "SSL error: self signed certificate in certificate chain"? You'll need to obtain a valid security certificate that was issued by a global certificate authority - CA (e.g. VeriSign, Thawte, Comodo, Startcom). It consists of a
private key and the public certificate issued by a public CA. There are multiple ways to obtain such a certificate - the cheapest but most suspectible one would be to use STARTCOM's STARTSSL program - it's free:
https://www.startssl.com/?app=1
The process with startssl is pretty straightforward if you know what's going on but it's root and intermediate certificates aren't available on every platform (specially mobile ones). That means that you're likely to run into issues with your clients complaining about additional errors related to not being able to validate the certificate.
A more solid alternative for only $9/year would be a PositiveSSL certificate issued by COMODO. You can obtain one via namecheap:
https://www.namecheap.com/security/ssl- ... vessl.aspx
Due to the owner validation process you are
required to own a valid domain (e.g. myname.com). You have to be able to receive emails for the domain e.g. via
hostmaster@myname.com (RFC2142). That's why hotspot.local - as a local domain -
simply won't work. You'll have to generate a private key as well as a certificate signing request prior to requesting the certificate with the CA.
Just follow the steps as documented here based on your platform:
https://support.comodo.com/index.php?/K ... generation
Alternatively you may also use your routerboard for this:
http://wiki.mikrotik.com/wiki/Manual:Cr ... rtificates
Once you've got the certificate from COMODO you have to upload a subset of files to the router and tell the hotspot to use them for SSL.
BTW: Also attach your config.