When a guest logs in to your Fydelia splash page, Fydelia will submit the login form back to the MikroTik hotspot.  Therefore, if you’re using Fydelia with the secure HTTPS protocol (this is default and recommended), it is essential to ensure that the hotspot has a valid SSL certificate.

If you do not have a valid SSL certificate, the guest will receive security warnings when submitting the form.

STEP 1: Upload your cert files

From the side menu click Files:

Upload your crt and private key files into the root folder

STEP 2: Install the certificate

In your MikroTik router, click NEW TERMINAL from the left menu:

Type: /Certificate and hit ENTER

Enter this command using the name of your certificate file (.crt)

import file-name=Hotspot.crt

Hit ENTER

Enter the passphrase

If successful you should see this output:

passphrase: ****
     certificates-imported: 1
     private-keys-imported: 0
            files-imported: 1
       decryption-failures: 0
  keys-with-no-certificate: 0

Now import the key file

import file-name=Hotspot.key 

Hit ENTER

Enter the passphrase

If successful you should see this output:

passphrase: *******
     certificates-imported: 0
     private-keys-imported: 1
            files-imported: 1
       decryption-failures: 0
  keys-with-no-certificate: 0

 

STEP 3: Assign the certificate to the www-ssl service

Run this command to assign your certificate to the www-ssl servce.  Note that we’re continuing with the name of the file used above:  “Hotspot”

/ip service set www-ssl certificate=Hotspot disabled=no

Alternatively you can add or view the certificate in the interface here:

You should see “KT” next to your certificate.

FAQ:  What does certificate status KT mean?  K=Private Key, T=Trusted

STEP 4: Assign the certificate to your HotSpot

The final step is to instruct MikroTik to use this certificate in your HotSpot

Via Command line:

/ip hotspot profile set hsprof1 login-by=https ssl-certificate=Hotspot 

Note that hsprof1 must correspond to the HotSpot profile name you created, and “Hotspot” must match the certificate name

Via Interface:

Go to IP->Hotspot

Click the Server Profiles Tab

Click Login and set the corresponding options:

(in this screenshot we used a certificate named “login.fydelia.com”)

IMPORTANT: Setting HTTPS Redirect is essential, since it will ensure that non HTTP requests are immediately redirected to secure HTTPS.  Failure to set this option will result in errors such as:

“The network you are trying to join has security issues. For example, the login page might not belong to the organisation shown.  Continue anyway.”

Click Apply and OK