Enabling SSL Encryption
If you want to encrypt the hotspot pages because you're requiring payments or accounts on your hotspot, it's best to purchase a certificate signed by a certificate authority (CA) rather than create your own self-signed certificates for free. This is because users will see a warning/error in their Web browser unless your hotspot server is using a certificate issued by a CA recognized by their browser.
To get started, you must create a certificate signing request (CSR) with RouterOS via command-line, either at the server PC or with a new terminal window in WinBox.
Run the following command:
/certificate create-certificate-request
You'll be prompted to enter a name for the file that the CSR and private key will be written to; the default filenames should be fine.
You'll also create a passphrase for the private key. Next, use the default RSA key bits value. Then you'll be asked the general CSR questions.
Now you need to download the CSR and private key files with a FTP client, such as FileZilla, by connecting to the RouterOS IP with your administration account credentials.
You can use the CSR to order your certificate from a CA such as GoDaddy, RapidSSL, or Thawte.
Once you have the signed certificate, upload it via FTP. Then run the following command:
/certificate import file-name=thecertificatesfilename
Then you have to type the password you created when making the CSR.
On WinBox, now you need to click IP > Services. Then you need to double-click the www-ssl entry, select the certificate and click OK.
Back on the IP Service List, click the www-ssl entry and click the checkmark button to enable it.
Now to enable SSL for your hotspot, edit your hotspot server profile to allow HTTPS logins and select your certificate.