I continue the final battle with Hotspot mikrotik. Why is there no certification path?

D

Dvach2021-08-10 11:29:53

Mikrotik

Dvach, 2021-08-10 11:29:53

So, there is a page, there is a configured hotspot on Mikrotik. There is a wildcard certificate for example at *.example.com. The certificate is imported and selected. There is an entry for hotspot.example.com dns name in the server profile is correct. A record to the external address of the router. And everything works as it should with some devices. But on some devices (mostly Windows) - bowsers cannot find the certification path. Why is the certification path not defined in individual cases?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

C

CityCat4, 2021-08-10
@Dvach

Because there is no publisher certificate in the root. Windows checks the certificate of the issuer of the checked certificate for the presence in the root store. If it is not a root itself (that is, it has its own publisher), then it checks it, and so on, until it reaches a certificate that is its own publisher :)
And all certificates in the chain must be present either in "Trusted Root Centers" or in "Trusted intermediate centers". On every device. For Windows, this is usually done by politicians.