Community discussions

MikroTik App
 
kirlein
just joined
Topic Author
Posts: 9
Joined: Thu Apr 27, 2006 8:37 am

mikrotik hotspot with SSL

Fri Nov 22, 2013 11:26 am

i got weird issue when activated HTTPS on hotspot option. people complained that they got "Untrusted Certificate" if typed https domain in url (for first redirect to login page). it showed that dest domain certificate use our SSL certificate , any idea how to fix it ?

Image
 
kirlein
just joined
Topic Author
Posts: 9
Joined: Thu Apr 27, 2006 8:37 am

Re: mikrotik hotspot with SSL

Sun Nov 24, 2013 5:19 am

any1 had experience bout this issue ?
 
jaykay2342
Member
Member
Posts: 335
Joined: Tue Dec 04, 2012 2:49 pm
Location: /Vigor/LocalGroup/Milky Way/Earth/Europe/Germany

Re: mikrotik hotspot with SSL

Sun Nov 24, 2013 10:38 am

This happen due to the interception of the https connection to facebook. Technical it's a man-in-the-middle "attack" and the router is presenting it's own certificate and the browser is doing what it should do when this happen: show a warning.
9-5 Job: Securityanalyst at a major MSSP.
Free time volunteer: Networkadmin and founder at a small non-profit WISP.
Certifications: ITILv3, GCIA
 
kirlein
just joined
Topic Author
Posts: 9
Joined: Thu Apr 27, 2006 8:37 am

Re: mikrotik hotspot with SSL

Sun Nov 24, 2013 2:56 pm

yes i know but how to fix it ? is it any way to use HTTPS in hotspot login without got that issue ?
 
jaykay2342
Member
Member
Posts: 335
Joined: Tue Dec 04, 2012 2:49 pm
Location: /Vigor/LocalGroup/Milky Way/Earth/Europe/Germany

Re: mikrotik hotspot with SSL

Sun Nov 24, 2013 3:37 pm

yes i know but how to fix it ? is it any way to use HTTPS in hotspot login without got that issue ?
Unfortunately there is no way to "fix" it. if you find a way to "fix" it you find also a way to "hack" https.
9-5 Job: Securityanalyst at a major MSSP.
Free time volunteer: Networkadmin and founder at a small non-profit WISP.
Certifications: ITILv3, GCIA
 
User avatar
boen_robot
Forum Guru
Forum Guru
Posts: 2411
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: mikrotik hotspot with SSL

Sun Nov 24, 2013 4:03 pm

Maybe if you explicitly send a "511 Network Authentication Required" HTTP status code?

Some older browsers will still have the same problem, but at least new ones may follow the redirect.
PEAR2_Net_RouterOS(1.0.0b6) - My API client in PHP
(Rate my posts? If you want... no pressure...)
 
kirlein
just joined
Topic Author
Posts: 9
Joined: Thu Apr 27, 2006 8:37 am

Re: mikrotik hotspot with SSL

Mon Nov 25, 2013 10:55 am

just wondering if we can force https => http when in unauth position.
 
jaykay2342
Member
Member
Posts: 335
Joined: Tue Dec 04, 2012 2:49 pm
Location: /Vigor/LocalGroup/Milky Way/Earth/Europe/Germany

Re: mikrotik hotspot with SSL

Mon Nov 25, 2013 11:58 am

Maybe if you explicitly send a "511 Network Authentication Required" HTTP status code?

Some older browsers will still have the same problem, but at least new ones may follow the redirect.
As the http-request is send after the SSL handshake is done i doubt that a browser will its request if it gets an invalid certificate during the handshake.
most probably it terminates the tcp connjection once it's "unhappy" with the certificate.
9-5 Job: Securityanalyst at a major MSSP.
Free time volunteer: Networkadmin and founder at a small non-profit WISP.
Certifications: ITILv3, GCIA
 
hasanakgoz
newbie
Posts: 32
Joined: Sun Dec 29, 2013 2:56 pm
Location: Turkey
Contact:

Re: mikrotik hotspot with SSL

Sun Dec 29, 2013 3:02 pm

Hi;

I have a similar problem. Mobile phones hotspot page does not open. especially the iPhone. A workaround solution yet?

Who is online

Users browsing this forum: inteq, sindy, ysha and 60 guests