Enabling HTTPS on MikroTik self Web-server (generate root and HTTPS certificate)

Never use unencrypted protocol like HTTP or FTP toward your router!
Your password will travel plain-text and risk is not worth 5 minutes it takes to enable TLS encryption!

For HTTPS to work need to create two certificates (root and HTTPS certificate):

/certificate
add name=root-cert common-name=MikrotikRouter days-valid=3650 key-usage=key-cert-sign,crl-sign
sign root-cert
add name=https-cert common-name=MikrotikRouter days-valid=3650
sign ca=root-cert https-cert

The example is 10 years (3650 days). But this could be less, not a bad idea, changing the cert every year…
If there is a change in the affected package during the firmware upgrade, it is worth re-generating the certs.

With certificate signed, just need to assign it to www-ssl service and enable it, while disabling http:

/ip service
set www-ssl certificate=https-cert disabled=no
set www disabled=yes

Project done, now you can access your router via HTTPS…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s