Command tip #3 – Enable SSL in MikroTik

Generate certificate, enable HTTPS and set MikroTik to listen on HTTPS 443 Port:

/certificate add name=webfig-ssl common-name=router.lan country=US days-valid=3650 key-size=2048 locality=US organization=US trusted=yes key-usage=digital-signature,key-cert-sign,crl-sign;

/certificate sign webfig-ssl ca-crl-host= name=webfig-ssl ca-on-smart-card=no;

/ip service set www-ssl certificate=webfig-ssl

/ip service set www-ssl port=443

/ip service enable www-ssl

Pay attention to:

  • common-name – this is the DNS name where MikroTik is reachable
  • ca-crl-host – this is CRL MikroTik IP Address