When a guest logs in to your Fydelia splash page, Fydelia will submit the login form back to the MikroTik hotspot. Therefore, if you're using Fydelia with the secure HTTPS protocol (this is default and recommended), it is essential to ensure that the hotspot has a valid SSL certificate.
If you do not have a valid SSL certificate, the guest will receive security warnings when submitting the form.
STEP 1: Upload your cert files
From the side menu click Files:
Upload your crt and private key files into the root folder
STEP 2: Install the certificate
In your MikroTik router, click NEW TERMINAL from the left menu:
Type: /Certificate and hit ENTER
Enter this command using the name of your certificate file (.crt)
import file-name=Hotspot.crt
Hit ENTER
Enter the passphrase
If successful you should see this output:
passphrase: ****
certificates-imported: 1
private-keys-imported: 0
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
Now import the key file
import file-name=Hotspot.key
Hit ENTER
Enter the passphrase
If successful you should see this output:
passphrase: *******
certificates-imported: 0
private-keys-imported: 1
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
STEP 3: Assign the certificate to the www-ssl service
Run this command to assign your certificate to the www-ssl servce. Note that we're continuing with the name of the file used above: "Hotspot"
/ip service set www-ssl certificate=Hotspot disabled=no
Alternatively you can add or view the certificate in the interface here:
You should see "KT" next to your certificate.
FAQ: What does certificate status KT mean? K=Private Key, T=Trusted
STEP 4: Assign the certificate to your HotSpot
The final step is to instruct MikroTik to use this certificate in your HotSpot
Via Command line:
/ip hotspot profile set hsprof1 login-by=https ssl-certificate=Hotspot
Note that hsprof1 must correspond to the HotSpot profile name you created, and "Hotspot" must match the certificate name
Via Interface:
Go to IP->Hotspot
Click the Server Profiles Tab
Click Login and set the corresponding options:
(in this screenshot we used a certificate named "login.fydelia.com")
IMPORTANT: Setting HTTPS Redirect is essential, since it will ensure that non HTTP requests are immediately redirected to secure HTTPS. Failure to set this option will result in errors such as:
"The network you are trying to join has security issues. For example, the login page might not belong to the organisation shown. Continue anyway."
Click Apply and OK