Sun Mar 17, 2019 11:54 pm
Don't set up your network in a way that intercepts all HTTPS requests and encourages users to bypass SSL errors. This is teaching users very dangerous practices, when their connection actually does get MITMed by a network attacker or compromised DNS, website, etc, then they will happily ignore the error and hand over their bank details and passwords etc.
It's my opinion that Mikrotik shouldn't even offer this option as it encourages dangerous practices by network operators who don't know better and just follow outdated wiki guides. Many of the top visited sites use HSTS in any case, so browsers won't even let users bypass the error.