Community discussions

MikroTik App
 
Zapnologica
Long time Member
Long time Member
Topic Author
Posts: 594
Joined: Fri Sep 25, 2009 8:15 pm
Location: South frica

Hotspot not directing https traffic

Wed Aug 06, 2014 9:17 pm

Good day,


I just set-up a hotspot the other day, So far it is all working great except for the fact that if a suer goes to a https site before logging in. they receive a ssl error and are NOT redirected to the login page.

But if they go to a http:// site it redirects them. What am I missing here? Is there a setting I need to set ?

I read that I need to have the hotspot dns name as a valid domain, so i have made it hotspot.local however that hass not seemed to fix the issue?
 
User avatar
jayd2k
newbie
Posts: 45
Joined: Tue Sep 10, 2013 6:46 am
Location: Philippines

Re: Hotspot not directing https traffic

Thu Aug 07, 2014 5:49 am

What's the error you're getting? "SSL error: self signed certificate in certificate chain"? You'll need to obtain a valid security certificate that was issued by a global certificate authority - CA (e.g. VeriSign, Thawte, Comodo, Startcom). It consists of a private key and the public certificate issued by a public CA. There are multiple ways to obtain such a certificate - the cheapest but most suspectible one would be to use STARTCOM's STARTSSL program - it's free:

https://www.startssl.com/?app=1

The process with startssl is pretty straightforward if you know what's going on but it's root and intermediate certificates aren't available on every platform (specially mobile ones). That means that you're likely to run into issues with your clients complaining about additional errors related to not being able to validate the certificate.

A more solid alternative for only $9/year would be a PositiveSSL certificate issued by COMODO. You can obtain one via namecheap:

https://www.namecheap.com/security/ssl- ... vessl.aspx

Due to the owner validation process you are required to own a valid domain (e.g. myname.com). You have to be able to receive emails for the domain e.g. via hostmaster@myname.com (RFC2142). That's why hotspot.local - as a local domain - simply won't work. You'll have to generate a private key as well as a certificate signing request prior to requesting the certificate with the CA.

Just follow the steps as documented here based on your platform:

https://support.comodo.com/index.php?/K ... generation

Alternatively you may also use your routerboard for this:

http://wiki.mikrotik.com/wiki/Manual:Cr ... rtificates

Once you've got the certificate from COMODO you have to upload a subset of files to the router and tell the hotspot to use them for SSL.

BTW: Also attach your config.
By 2016 total internet traffic will be 3x 2011
 
Zapnologica
Long time Member
Long time Member
Topic Author
Posts: 594
Joined: Fri Sep 25, 2009 8:15 pm
Location: South frica

Re: Hotspot not directing https traffic

Sun Aug 10, 2014 11:25 pm

Thanks for your response,

I have attached an image of the error which I get,
Hotspotsslerror.jpg
However I dont think that having an ssl cert on the hotspot is the issue?

This error doesnt occour when I try got to my hotspots page using ssl.,

If I connect to the wireless, (Not Logged in) and My browser automatically goes to https://youtube.com I get this error attached. BUt it doesnt even try redirect me to hotspot.local ?

Unless I require a ssl cert in order to even redirect an https request?
You do not have the required permissions to view the files attached to this post.
 
User avatar
jayd2k
newbie
Posts: 45
Joined: Tue Sep 10, 2013 6:46 am
Location: Philippines

Re: Hotspot not directing https traffic

Wed Aug 13, 2014 6:50 am

Thanks for your response,

[...]

Unless I require a ssl cert in order to even redirect an https request?
Srange behaviour. Kindly attach your config.
By 2016 total internet traffic will be 3x 2011

Who is online

Users browsing this forum: LSan83 and 59 guests