HW INFO:
-Mikrotik SXTG-2HNd
WAN IP: 10.0.10.229/24
WIFI IP: 192.168.88.1/24
> ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   10.0.10.229/24     10.0.10.0       ether1
 1   192.168.88.1/24    192.168.88.0    wlan1
/ip route
add distance=1 gateway=10.0.10.1
/system ntp client
set enabled=yes primary-ntp=203.160.128.59
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1 \
netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
click IP/Hotspot/Servers
click Hotspot Setup







click IP/Hotspot/Servers/hotspot1
click IP/Hotspot/Server Profiles/hsprof1/

click + on IP/Hotspot/User Profiles
create hotspot user
click + on IP/Hotspot/Users
To enable HTTPS with a self-signed certificate, first check which services are running:
> ip service print
Flags: X - disabled, I - invalid
 #    NAME     PORT  ADDRESS  CERTIFICATE
 0 XI telnet   23
 1    ftp      21
 2    www      80
 3    ssh      22
 4 XI www-ssl  443            none
 5    api      8728
 6    winbox   8291
 7    api-ssl  8729           none
> ip service disable 0
> ip service disable 1
> ip service enable 4
Create the self-signed certificate:
# openssl genrsa -des3 -out hotspot.key 1024
Enter pass phrase for hotspot.key: password
Verifying - Enter pass phrase for hotspot.key: password
# openssl req -new -key hotspot.key -out hotspot.csr
Enter pass phrase for hotspot.key: password
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:JKT
Locality Name (eg, city) []:Jakarta
Organization Name (eg, company) [Internet Widgits Pty Ltd]:NGTrain
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:hs.ngtrain.com
Email Address []:support@ngtrain.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password
An optional company name []:
# openssl x509 -req -days 10000 -in hotspot.csr -signkey hotspot.key -out hotspot.crt
Signature ok
subject=/C=ID/ST=JKT/L=Jakarta/O=NGTrain/OU=IT/CN=hs.ngtrain.com/emailAddress=support@ngtrain.com
Getting Private key
Enter pass phrase for hotspot.key: password
-Copy hotspot.crt and hotspot.key to the /hotspot directory on the MikroTik with scp, then import them:
> /certificate import file-name=hotspot/hotspot.crt
passphrase: ********
certificates-imported: 1
private-keys-imported: 0
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
> /certificate import file-name=hotspot/hotspot.key
passphrase: ********
certificates-imported: 0
private-keys-imported: 1
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
/ip service set www-ssl certificate=hotspot.crt_0
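A pre-upload check for the key and certificate steps above, as an added example that is not part of the original page: it generates the pair non-interactively with a 2048-bit key and SHA-256 (1024-bit RSA, as used above, is no longer considered adequate) and rejects a pair whose key does not match the certificate or is shorter than 2048 bits. The function names, the HOTSPOT_KEY_PASS variable, the 365-day lifetime and the subjectAltName entry are assumptions of this example; -addext needs OpenSSL 1.1.1 or later, and whether a given RouterOS version imports the encrypted key format your OpenSSL writes is not checked here.

```shell
#!/bin/sh
# Added example, not from the original page.
# The key passphrase is read from the HOTSPOT_KEY_PASS environment variable
# (assumed name) so it never appears on the command line or in shell history.

# make_hotspot_cert DIR CN
# Writes DIR/hotspot.key (passphrase-encrypted) and DIR/hotspot.crt.
make_hotspot_cert() {
    dir=$1; cn=$2
    openssl req -x509 -newkey rsa:2048 -sha256 -days 365 \
        -keyout "$dir/hotspot.key" -passout env:HOTSPOT_KEY_PASS \
        -out "$dir/hotspot.crt" \
        -subj "/C=ID/O=NGTrain/CN=$cn" \
        -addext "subjectAltName=DNS:$cn" 2>/dev/null &&
    chmod 600 "$dir/hotspot.key"   # private key readable by owner only
}

# cert_key_bits CRT
# Prints the public key size in bits. The pattern matches both the
# "RSA Public-Key:" (OpenSSL 1.1.1) and "Public-Key:" (OpenSSL 3) wording.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# check_pair KEY CRT
# Returns 0 only if KEY decrypts, its public half equals the certificate's
# public key, and the key is at least 2048 bits. Run this before scp.
check_pair() {
    key_pub=$(openssl pkey -in "$1" -passin env:HOTSPOT_KEY_PASS \
        -pubout 2>/dev/null) || { echo "cannot read key $1" >&2; return 1; }
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read certificate $2" >&2; return 1; }
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "key does not match certificate" >&2; return 1; }
    bits=$(cert_key_bits "$2")
    [ "${bits:-0}" -ge 2048 ] ||
        { echo "weak key: ${bits:-unknown} bits" >&2; return 1; }
}

# Usage (constructed values):
#   export HOTSPOT_KEY_PASS='choose-a-real-passphrase'
#   make_hotspot_cert . hs.ngtrain.com && check_pair hotspot.key hotspot.crt
```

A mismatch caught here shows up on the router only later, as an imported certificate with no private key attached.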
-If you don’t have your own DNS server, add a static DNS entry for hs.ngtrain.com on the MikroTik:
> ip dns static add name=hs.ngtrain.com address=192.168.88.1
Verify with this command:
> ip dns cache print
-modify IP/Hotspot/Server Profiles/hsprof1/
