I want to enable HTTPS portal on all gateways but before I need to test it on a demo gateway.
I already have a certificate installed at the HSNM appliance, I can access de website using https without any problem
What I've tried:
import domain.crt
import intermediate.crt
enable www-ssl service indicating the domain.crt
enable https login at the hotspot profile and setting domain.crt as the certificate
The problem is when I try to connect to the network the system (Android) asks to login to the network (captive portal) but we it tries to load it the connection "hangs"
Could you please explan step by step what is the procedure to enable https to one gateway (Mikrotik)?
Thanks!
Enable https in one gateway (Mikrotik)
HSNM administration backend general discussion
-
HSNMSupport
- Posts: 1532
- Joined: 26 Jul 2016, 09:16
Hi Gerard,
these are the steps you have to do:
WARNING: first of all you have to purchase a wildcard certificate for your FQDN domain name (*.yourdomain.com)
1) Make sure to have a FQDN to use for HSNM and your GW (for example yourdomain.com)
2) Decide which FQDN use for your HSNM (for example hsnm.yourdomain.com) and for your GWs (for example hotspot.yourdomain.com)
3) Set the FQDN for the HSNM on HSNM SystemSetting "Domain Name" field
4) Request a wildcard certificate (for example for *.yourdomain.com) to a valid CA for the FQDN
5) Load the .crt file and .key file on HSNM
6) Copy the .crt file and .key file on your Mikrotik GW
7) If you have copy also the CA internediate .crt and .key file
8) Go to "new terminal" of your GW and execute this command:
/certificate import
Note: don't insert any passphrase and hit "ENTER"
9) Edit the hotspot server profile, then go to "general" tab, and for DNS name use the FQDN that you have decided to use for your GW (for example hotspot.yourdomain.com)
10) Edit the hotspot server profile, then go to "login" tab, and enable HTTPS as "login by" and choose on "SSL Certificate" the ones imported on point 8)
Best Regards.
these are the steps you have to do:
WARNING: first of all you have to purchase a wildcard certificate for your FQDN domain name (*.yourdomain.com)
1) Make sure to have a FQDN to use for HSNM and your GW (for example yourdomain.com)
2) Decide which FQDN use for your HSNM (for example hsnm.yourdomain.com) and for your GWs (for example hotspot.yourdomain.com)
3) Set the FQDN for the HSNM on HSNM SystemSetting "Domain Name" field
4) Request a wildcard certificate (for example for *.yourdomain.com) to a valid CA for the FQDN
5) Load the .crt file and .key file on HSNM
6) Copy the .crt file and .key file on your Mikrotik GW
7) If you have copy also the CA internediate .crt and .key file
8) Go to "new terminal" of your GW and execute this command:
/certificate import
Note: don't insert any passphrase and hit "ENTER"
9) Edit the hotspot server profile, then go to "general" tab, and for DNS name use the FQDN that you have decided to use for your GW (for example hotspot.yourdomain.com)
10) Edit the hotspot server profile, then go to "login" tab, and enable HTTPS as "login by" and choose on "SSL Certificate" the ones imported on point 8)
Best Regards.
-
Gerard
- Posts: 72
- Joined: 30 Jun 2017, 10:02
Hi,
So maybe my only problem is that I do not have a wildcard certificate, the certificate I have only points to "domain.com" so I cannot create a different domain on each gateway. Its mandatory to have separate domains for each gateway and the HSNM instance, right?
Example:
wildcard: *.potato.com
HSNM instance --> potato.com and www.potato.com
Gateway1 --> client1.potato.com
Gateway2 --> client2.potato.com
Is that right?
So maybe my only problem is that I do not have a wildcard certificate, the certificate I have only points to "domain.com" so I cannot create a different domain on each gateway. Its mandatory to have separate domains for each gateway and the HSNM instance, right?
Example:
wildcard: *.potato.com
HSNM instance --> potato.com and www.potato.com
Gateway1 --> client1.potato.com
Gateway2 --> client2.potato.com
Is that right?
-
HSNMSupport
- Posts: 1532
- Joined: 26 Jul 2016, 09:16
Hi,
yes, right.
Best Regards.
yes, right.
Best Regards.
-
joem042379
- Posts: 1
- Joined: 24 Mar 2019, 15:43
Dear Support,
How We can Update our SSL Certificate in HSNM server? weGenerate for Standard domain with 3 years and the SCR is doanloaded when we check again the webserver still the SSL certificate is expire..
How to update ?
Thanks,
Jose
How We can Update our SSL Certificate in HSNM server? weGenerate for Standard domain with 3 years and the SCR is doanloaded when we check again the webserver still the SSL certificate is expire..
How to update ?
Thanks,
Jose
-
HSNMSupport
- Posts: 1532
- Joined: 26 Jul 2016, 09:16
Hi,
I'm sorry but we don't provide support on how to renew a SSL certificate.
However, from what we know, if you have to renew it you have to follow same steps you did when you requested the certificate the first time.
Best Regards.
I'm sorry but we don't provide support on how to renew a SSL certificate.
However, from what we know, if you have to renew it you have to follow same steps you did when you requested the certificate the first time.
Best Regards.
Rate this topic
Who is online
Users browsing this forum: No registered users and 4 guests
It is currently 26 Apr 2024, 10:29