MikroTik: HotSpot https (not) working

Maybe you are familiar with the problem that sometimes HotSpot won’t show the login page or if it shows it, you can’t access any website that start with “https”.

There are solutions to the problem that involve buying a signed certificate (example: commodo or rapid SSL) and implement it into your HotSpot or to create a self-signed certificate from your MikroTik router. If you use a self-signed certificate, every browser will warn you that you are accessing a website with unknown and insecure certificate. That message could potentially scatteer of all your HotSpot users.

There is a cool workaround that my MikroTik trainer has taught me. Actually you need to allow authenticated HotSpot users to access Google via https and after that users will be redirected to your HotSpot Login Splash page.
Step 1

Redirect your users to Google after successful login -> explained in this tutorial http://www.itino.net/how-to-redirect-user-to-a-specific-url-after-successful-mikrotik-hotspot-login/

Step 2

In your Walled Garden configuration write this:

/ip hotspot walled-garden
add src-address= (this is optional to put your HotSpot subnet as the source)
add dst-host=:^www.google.*$
add dst-port=443





Join the Conversation


  1. Hello! You are saying in the beginning to allow PREAUTHENTICATED users to access Google and then redirect to the login page. The tutorial you link is AFTER authentication and successful login. So how do you do ti properly before aunthentication???

    1. Hi! Yes, it should be authenticated:) I do not have a working solution for preauthenticated users right now but you can contact me directly via email and I will assist in any way I can about the problem.

Leave a comment

Your email address will not be published. Required fields are marked *