Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
Mark Ivanych2014-09-18 15:18:08
Mikrotik
Mark Ivanych, 2014-09-18 15:18:08

Is it possible to make an ssl certificate for the router?

Hello, next issue.
We have a router (mikrotik) in it there is such a Hotspot service.
The problem is that https does NOT work properly, now we have a self-signed certificate and a warning appears accordingly.
This occurs in the following cases:
1. The cafe client connects to a Wi-Fi point and tries to access, for example, https://ya.ru
2. The router tries to transfer it to the hotspot, but an error occurs about an insecure connection.
Tell me how to be. Is it possible to buy a normal certificate, but to a local address?
The router has it like this 198.162.88.1
In the hotspot itself, you can install a certificate, the problem is what address this certificate should be sent to.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
B
brutal_lobster, 2014-09-19
@brutal_lobster

https://cabforum.org/wp-content/uploads/BRv1.1.7.pdf

Also as of the Effective Date, the CA shall not issue a certificate with an Expiry Date later than 1 November 2015 with a SAN or Subject Common Name field containing a Reserved IP Address or Internal Server Name. As from 1 October 2016, CAs shall revoke all unexpired Certificates.
You probably still have time to get such a certificate with an internal name, if CA will meet the halfway.
Or you can get a certificate for a public-suffix domain and set it up on a hotspot. After adding a record for this domain A with the local address 192.168.88.1

Report
M
Mark Ivanych, 2014-09-25
@iormark

Outcome
1. The certificate is not needed.
2. Redirecting from https to hotspot does not work or is not possible in principle.
3. Scripts and css from Facebook are not loaded if you add a domain to the Walled Garden. They update their IP addresses every 20 seconds. For some reason, the following domains do not work:
s-static.ak.facebook.com
fbcdn-profile-a.akamaihd.net
fbexternal-a.akamaihd.net
connect.facebook.net
fbstatic-a.akamaihd.net
when as https:// www.facebook.com is loading. In general HZ.
But it works if you add all these domains to the Walled Garden IP List.

Similar questions
N
Nposk2021-01-14 14:56:16
Why doesn't Suricata write logs? 1Reply
M
modcode2021-01-15 20:02:01
SSTP Client - Mikrotik? 1Reply
M
Mikname2019-05-16 18:56:51
Is it possible to distribute the Internet to 2 routers through a managed switch? 4Reply
F
F0lder2019-05-16 21:41:21
The USB modem is set to Mikrotik, but distributes its own IP range. How do I set up a different internal IP range or connect it to a bridge? 2Reply
O
Oleg2021-01-18 10:00:47
Why do packets go in one case, and not in the second? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question