Nov 112016
 

Mikrotik and its WinBox interface are virtually inseparable. Most people use it without thinking of any other option. However, Mikrotik supports also has (quite a good) HTTP interface and it also supports a (disabled by default) HTTPS access.

Enabling HTTPS is unfortunately not a straightforward experience.

The easiest way to configure this is to enter commands into New Terminal from WinBox. I will simply repeat commands needed instead of going through the screens. Commands are actually quite descriptive and easy to “translate” into GUI actions if that is your preference.

For HTTPS to work we need to create two certificates, master and apprentice. Ok, actually we need root and HTTPS certificate but master and apprentice sounds much cooler ;):

/certificate
add name=root-cert common-name=MyRouter days-valid=3650 key-usage=key-cert-sign,crl-sign
sign root-cert
add name=https-cert common-name=MyRouter days-valid=3650
sign ca=root-cert https-cert

With certificate signed, we just need to assign it to www-ssl service and enable it, while disabling non-https variant:

/ip service
set www-ssl certificate=https-cert disabled=no
set www disabled=yes

And that’s it. Now you can access your router via HTTPS.

PS: Never use unencrypted interface like HTTP or FTP toward your router. Your password will travel plain-text and risk is not worth 5 minutes it takes to enable TLS encryption.

  3 Responses to “Enabling HTTPS on MikroTik”

Comments (3)
  1. what’s the advantage of this not being automatic like everything else I use which claims to be secure and has never been hacked? Reminds me of the episode of the cartoon where the guy invents the flying bicycle but tells the people who need to use it that they have to put the dick shaped seat in their asses. Later they find out they didn’t have to. That’d be like me realizing that I don’t ever need to buy anything from Mirotik.

    • There is no advantage – it is just different way of doing things. Most of the time you would use WinBox to connect which is encrypted regardless of whether you configure https. Using https (or even http) to access your router is not so common in Mikrotik’s world.

      That said, I do prefer to configure https as I am not always accessing my router from Windows machine and WinBox is pretty much Windows-only.

      Mikrotik often pisses me off with various settings (trust me, this is not even close to the biggest stupidity) but I am still to find platform that is as powerful (and as much fun) when you get to know it.

  2. great!, thanks for the tips

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>