One option to avoid that would be to disable HTTPs redirect with this firewall rule: Per experiment ~60hosts with only Dropbox installed on them could cause up to 50-60% CPU load on lower end mipsbe devices like RB951 or similar models.
![mikrotik hotspot mikrotik hotspot](https://www.fusionwifi.com/wp-content/uploads/2016/11/mikrotik-hotspot-kick-device-2.png)
SSL certificate key size will impact load on In this situation various services on these hosts like Dropbox for example are trying to contact their servers and are constantly bouncing against hotspot server. SSL certificate key size impact on CPU load In such case the end user should try to access different sites. Note: Such HTTPS sites as google, facebook, etc that use SSL HSTS will still be showing ssl error, and will completely refuse to continue.
![mikrotik hotspot mikrotik hotspot](https://i.pinimg.com/originals/fd/90/a8/fd90a8f2d21dec40912ba0e175f839ed.png)
Now all HTTPs requests from unauthorised clients will be redirected to your Hotspot login page. ip hotspot profile set hsprof1 login-by=https ssl-certificate=Hotspot Next step is to enable HTTPs login on your Hotspot. ip service set www-ssl certificate=Hotspot disabled=no When you have successfully imported certificate and private key on the router, first you need to enable ssl service and add the name of the certificate in /ip service: In such case end-user should try to access different site. Note: Such HTTPS sites like google, facebook, etc that use SSL HSTS will show ssl error and will refuse to continue. Note: Browser will still warn end-user about redirection even with CA signed certificate! This warning message cannot be avoided. Certificate import procedure is the same as described in previous example. To use HTTPs login without displaying SSL warning on client browser, requires use of Trusted CA signed certificate. As part of SSL protocol, cause hotspot captive portal will be seen as Man-in-the-Middle by SSL. Note: By using self signed certificate, SSL redirect warnings will still be present. certificate> import file-name=Hotspot.keyĬertificates are ready for use in Hotspot login.
![mikrotik hotspot mikrotik hotspot](https://mikrotik-routeros.com/wp-content/uploads/2019/01/dhcp-leases.png)
certificate> import file-name=Hotspot.crt Now you need to upload and import created key and certificate (CRT file) to the router Openssl x509 -req -days 365 -in Hotspot.csr -signkey Hotspot.key -out Hotspot.crt Openssl req -new -key Hotspot.key -out Hotspot.csr
![mikrotik hotspot mikrotik hotspot](https://s2.bukalapak.com/img/7933091192/large/Template_Mikrotik_Hotspot_Voucher_Premium___Template_login_p.jpeg)
Openssl genrsa -des3 -out Hotspot.key 1024
#Mikrotik hotspot free#
Here is OpenSSL example, to generate free self-signed certificate. Sign Hotspot-template ca=m圜a name=Hotspot
#Mikrotik hotspot how to#
The following examples will show how to use OpenSSL on linux machine, and RouterOS CLI to generate and sign your own certificates.įirst we need to make our own CA who will sign the cerificatesĪdd name=ca-template common-name=m圜a key-usage=key-cert-sign,crl-signĪdd name=Hotspot-template common-name=Hotspot There are multiple free tools available for creating such certificates. Self-signed certificates can be made with no costs, and without public CA involvement. It is possible to use trusted certification authority (CA) signed certificate as well as no cost, self-signed certificate. This page contains information how to use SSL certificate to enable HTTPS login on Hotspot server.