HTTPS authentication on MikroTik routers eliminates browser security warnings during guest WiFi login by encrypting the authentication process with SSL certificates. This creates a more professional guest experience and prevents "insecure content" messages that can reduce conversion rates and damage trust in your WiFi network.

This guide walks you through obtaining an SSL certificate for your domain, importing it into MikroTik, and configuring hotspot settings to enable HTTPS authentication with Spotipo.

Certificate recommendation: Use paid certificates that last 1+ years instead of Let's Encrypt (3-month validity requiring frequent updates). Contact [email protected] if you need assistance obtaining certificates.

HTTPS authentication should be used if you want to set up a more secure authentication process for your customers. That means that the customers authentication process will use HTTP instead of HTTPS. This also means that it will get rid of the Insecure content messages when logging in to your network. So this is a use case solving that issue as well.

To set up your own HTTPS authentication method, you will need:

If you have neither domain nor certificate for it, feel free to contact [email protected] and we can sort things out for you.

If you decide to use your own domain, you will need to create an SSL certificate. You can use any certificate that is issued by trusted certificate authority (Cloudflare, Letsencrypt, etc.).

NOTE: We do not recommend usage of Letsencrypt certificates because even though they do work, they last only 3 months. That means that you will have to update your configuration every 3 month for each site that you use. It is recommended to use certificates that last longer (paid certificates).

To have a login page pop up correctly, you need to import a new login.html file and replace the old one.

NOTE: You need to replace the login.html file even if you've imported one from Setup guide. This is a different file from the one in the previous setup.

Download index.html from this location.

Upload the created login.html to your AP using upload button.

Move the login.html under hotspot folder.

First, you need to import SSL certificates that just got issued to you in your Mikrotik router. To do so, in Winbox, go to Files and upload your certificates there. You should upload Server, Intermediary and Root certificates to the device. They can all be uploaded as a single conjugated file as well. Most of the certificate types will work, but it is recommended to use .pem and .p12 file types.

After you've successfully transferred files over to the Mikrotik, you need to import them. You can do so by going to System->Certificates and select the Import option.

Select the file/files that contain your certificates and Import them by pressing the Import button.

If there are now 2 or 3 certificates (depending on the import method), all of them are marked as trusted and there are 2 types of certificates (1 KT and 1 LT for 2 certificates or 1 KT and 2 LT certificates for 3 certificates imported). The import is successful.

After the certificates have been successfully imported, go to IP->Hotspot->Server Profiles and select your network's hotspot (default is hsprof 1) to make changes needed for enabling HTTPS.

From here, in General->DNS Name add your domain name that the certificate is issued to.

Under Login section, make sure that both HTTP CHAP and HTTPS are enabled. Under SSL Certificate, select the Server certificate that you've imported previously. Also make sure that HTTPS redirect is turned on

Next, check IP->Hotspot->Walled Garden settings and make sure that spotipo is added as an entry. If it is not there, you might get insecure connection messages from your browser.

To make sure that everything is being translated correctly, we need to check on DNS settings. It is recommended to set DNS server address as one of the publicly available servers (In this example we use Google's DNS 8.8.8.8 but feel free to use any other server).

Also, under Static section, check that your domain is set up under the address that your portal is working on.

If you've done all steps successfully, it's finally time to test the configuration out.

If you have any problems, check your settings once more and feel free to reach out to us at [email protected]

After importing certificates, updating the login.html file, and configuring hotspot settings, your MikroTik captive portal now uses encrypted HTTPS authentication. Guests will no longer see insecure connection warnings during login.

Still seeing security warnings? Verify spotipo is added to walled garden settings and that your domain is correctly configured in DNS static entries.

Need help with HTTPS setup? Contact Spotipo support at [email protected].