loveman
Member
Topic Author
Posts: 348
Joined: Tue Mar 10, 2015 9:32 pm

Issue when add the certificate for hotspot "https"

Tue Aug 27, 2019 10:55 pm

Hello everyone!
I need to add a certificate for the hotspot so that the browser address bar shows an "https" secure website. I searched, read and applied all the steps, but the browser still shows "connection not secure" for the certificate.
All the steps can be seen below:
/certificate
add name=root-cert common-name=MyRouter days-valid=3650 key-usage=key-cert-sign,crl-sign
sign root-cert
add name=https-cert common-name=MyRouter days-valid=3650
sign ca=root-cert https-cert
/ip service
set www-ssl certificate=https-cert disabled=no
set www disabled=yes


Can anyone tell me where the problem is? I need to change the hotspot login from "not secure" to "https secure".
Can anyone confirm whether there are errors in the certificate?
Thanks
 
Sob
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: Issue when add the certificate for hotspot "https"

Wed Aug 28, 2019 12:00 am

It's a little more difficult than this. A regular browser contains a built-in list of trusted certificate authorities. If you get a certificate from any of them, the browser is able to verify that a trusted CA signed it. Another step is who the certificate is for; the most common is a specific hostname. So if you have a hotspot page at e.g. https://hotspot.mydomain.tld, you need a certificate for "hotspot.mydomain.tld".

What you're doing now is creating your own CA "root-cert" for hostname "MyRouter". As you can probably already suspect, a regular browser won't like this very much. You would have to add your "root-cert" to the browser as a trusted CA, and your hotspot page would need to be https://MyRouter. It's possible, but only for your own devices; a random visitor won't trust your certificate. And if you're thinking about it, the answer is no, you can't tell visitors to install your CA. Well, you can, but no sane person would do it.

Just use a certificate from a trusted CA. You can either buy one (costs less than $10/year), or you can get one for free from Let's Encrypt (but it's valid only for three months, so you'll need some automated solution to renew it).
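
The two checks described in the reply above (is the issuing CA trusted, and does the certificate name the host being visited) can be reproduced offline with openssl. This is an added example, not part of the original thread: the CA name "Lab Root CA", the file names and the `check_cert` helper are constructed for illustration, and the system trust store stands in for a visitor's browser.

```shell
#!/bin/sh
# Added example: lab reproduction with openssl; every name and file is constructed.
WORK=$(mktemp -d)

# Minimal config so the run does not depend on the system openssl.cnf.
cat > "$WORK/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# Private root CA, playing the role of "root-cert" in the post.
openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$WORK/lab.cnf" \
    -extensions ca_ext -subj "/CN=Lab Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null

# Server certificate for the name "MyRouter", playing the role of "https-cert".
openssl req -new -newkey rsa:2048 -nodes -config "$WORK/lab.cnf" \
    -subj "/CN=MyRouter" -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null
openssl x509 -req -in "$WORK/srv.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 3650 -out "$WORK/srv.pem" 2>/dev/null

# check_cert <trust> <hostname>
#   trust=system : default trust store only (stands in for a visitor's browser)
#   trust=lab    : lab CA explicitly trusted (stands in for your own device)
# Prints "ok" or "fail"; returns 0 only if the chain AND the hostname verify.
# With no SAN in the certificate, openssl falls back to matching the CN.
check_cert() {
    if [ "$1" = "lab" ]; then
        set -- "$2" -CAfile "$WORK/ca.pem"
    else
        set -- "$2"
    fi
    host=$1; shift
    if openssl verify "$@" -verify_hostname "$host" "$WORK/srv.pem" >/dev/null 2>&1
    then echo ok
    else echo fail; return 1
    fi
}

check_cert system MyRouter              # CA not in the trust store
check_cert lab MyRouter                 # CA trusted and name matches
check_cert lab hotspot.mydomain.tld     # CA trusted, but wrong hostname
```

Only the middle case passes, which is the "own devices, https://MyRouter" situation from the reply; the other two fail for the two separate reasons it describes.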
 
loveman
Member
Topic Author
Posts: 348
Joined: Tue Mar 10, 2015 9:32 pm

Re: Issue when add the certificate for hotspot "https"

Wed Aug 28, 2019 6:34 pm

Thank you for your reply.
In this way, how can I build the certificate for free so that all browsers show "https secure"? I've never made a certificate myself before. I hope you can give me tips so that I can try making a certificate.
I need to make it free!
 
Sob
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: Issue when add the certificate for hotspot "https"

Thu Aug 29, 2019 3:36 am

I can give you tips, but unfortunately not any step by step guide.

First you need to decide how free you want it. The certificate is no problem, Let's Encrypt issues them for free, but you do need a real domain name. The best case, which gives you the most options, is to register/buy one (.com, .net, whatever). With that, you can choose any subdomain for the hotspot, and you can also choose between DNS and HTTP validation. If even that's too much and you want it completely free, you'd need to get a hostname elsewhere. One option is the dynamic DNS built into RouterOS; it can provide a free hostname like 04d42a5e9a06.sn.mynetname.net (the first part depends on the router's serial number). The downside is that you would have to use this hostname for the hotspot (it's not very pretty; that can be solved if you find some other dynDNS service with prettier names), and you'd be limited to HTTP validation.

In any case, you will need another machine besides the router, because RouterOS doesn't have a built-in client for Let's Encrypt, so you will need to run it elsewhere and upload the resulting certificate to the router. You can get some ideas on how to do it in this thread: viewtopic.php?f=1&t=92673

About validation methods: HTTP requires that the webserver running on the given hostname is reachable from Let's Encrypt's servers. It's not ideal when you want to have the hotspot page somewhere in an internal network. But it's doable with dstnat; you can redirect requests from the internet to the other machine. The DNS method gives you more freedom, because the machine with the LE client doesn't need to be anywhere near the router. But if it should be fully automated, you need either DNS hosting with some API access, or the ability to run your own DNS server (even a simple single-purpose one used only for LE validation is enough).
