Enabling HTTPS on MikroTik self Web-server (generate root and HTTPS certificate)

Never use unencrypted protocol like HTTP or FTP toward your router!
Your password will travel plain-text and risk is not worth 5 minutes it takes to enable TLS encryption!

For HTTPS to work need to create two certificates (root and HTTPS certificate):

/certificate
add name=root-cert common-name=MikrotikRouter days-valid=3650 key-usage=key-cert-sign,crl-sign
sign root-cert
add name=https-cert common-name=MikrotikRouter days-valid=3650
sign ca=root-cert https-cert

The example is 10 years (3650 days). But this could be less, not a bad idea, changing the cert every year…
If there is a change in the affected package during the firmware upgrade, it is worth re-generating the certs.

With certificate signed, just need to assign it to www-ssl service and enable it, while disabling http:

/ip service
set www-ssl certificate=https-cert disabled=no
set www disabled=yes

Project done, now you can access your router via HTTPS…

Getting Chrome to accept self-signed localhost certificate

Click anywhere on the page and type a BYPASS_SEQUENCE:

thisisunsafe” is a BYPASS_SEQUENCE for Chrome version 65

badidea” Chrome version 62 – 64

danger” used to work in earlier versions of Chrome

If it not work, check if they changed it again, go to latest Chromium Source Code:

At the moment it looks like that:

var BYPASS_SEQUENCE = window.atob('dGhpc2lzdW5zYWZl');

You can run following line in a browser console:

console.log(window.atob('dGhpc2lzdW5zYWZl'));

How to change the language of the Cisco SPA5xx

  • Download SPA Phone Localization XML dictionaries (download both: english and your language)
  • Log into the web interface of your phone, switch over to Admin login: advanced (top right) /  [Voice] Regional -> Dictionary Server Script
  • Write: serv=tftp://192.168.0.2/;d0=English;x0=81692-spa50x_30x_en_v747.xml;d1=Magyar;x1=s81691-spa50x_30x_hu_v747.xml (192.168.0.2 is your tfpd server IP)

E-mail (gmail) configuration in a FreePBX Distro

append to /etc/postfix/main.cf:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = secure
smtp_tls_mandatory_protocols = TLSv1
smtp_tls_mandatory_ciphers = high
smtp_tls_secure_cert_match = nexthop
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
relayhost = smtp.gmail.com:587

change /etc/postfix/sasl_passwd:

smtp.gmail.com:587 your-email-here@gmail.com:Password

Tell postfix:

chmod 400 /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd
chown postfix /etc/postfix/sasl_passwd
postfix reload