HTTPS & Certificates

The HTTPS & Certificates section allows administrators to configure secure access to the Admin Panel and Captive Portal. It supports preloaded certificates, device-signed certificates, and custom SSL certificates for production deployments.

HTTPS Modes

The gateway supports multiple HTTPS operation modes depending on security requirements and deployment type.

Available HTTPS Modes

Preloaded (portal.w-router.com)
Uses a preloaded certificate for the default portal domain portal.w-router.com.
This mode requires no additional configuration and is suitable for quick deployments.

Device-Signed (browser warning)
Uses a self-signed certificate generated by the device.
Browsers will display a security warning. Recommended for testing only.

Custom Certificate (recommended)
Allows uploading a custom SSL certificate for a user-owned domain.
This is the recommended mode for production environments.

HTTP Only (not recommended)
Disables HTTPS entirely. All traffic is unencrypted and may be intercepted.

⚠️ HTTP mode is not recommended and requires explicit acknowledgment.

Current Status Information

The status section displays the active HTTPS state and certificate details.

Displayed information includes:

Current Status – HTTPS, HTTP, or Error state
Certificate Type – Preloaded, Custom, Device-Signed, or None
Certificate Expiration – Expiry date of the active certificate

Note: Expired custom certificates automatically fall back to a device-signed certificate on reboot.

Uploading a Custom SSL Certificate

Custom certificates allow the use of a branded domain for the Captive Portal and Admin Panel. The HTTPS certificate must match the Captive Portal domain currently configured on the system. If the certificate hostname and portal domain do not match, browsers may display security warnings or block access.

You can change the Captive Portal domain from Captive Portal > Landing Page > Advanced

Requirements

To successfully install a custom certificate, the following files are required:

Certificate file (full chain) – Must include:
- Domain (leaf) certificate
- Intermediate CA certificate(s)
Private key file – Must match the certificate

⚠️ Uploading only the domain certificate without the intermediate CA will cause HTTPS errors.

Creating a Full Chain Certificate File

Most certificate providers supply multiple files. These must be combined before upload.

Example Files Provided by a Certificate Authority

yourdomain.crt (domain certificate)
yourdomain.ca-bundle (intermediate certificate)

Combine into a Full Chain File
Create a new file called fullchain.crt with the following order:
yourdomain.crt yourdomain.ca-bundle
Do not include root CA certificates.

1. On Windows (PowerShell):
Get-Content yourdomain.crt, yourdomain.ca-bundle | Set-Content fullchain.crt

2. On Linux / macOS:
cat yourdomain.crt yourdomain.ca-bundle > fullchain.crt

3. Manual Method
You can create the full chain certificate manually using a text edit (eg. Notepad).

Step 1: Open your certificate files

Open yourdomain.crt with Notepad.
Select all content and copy it.
Open yourdomain.ca-bundle with Notepad.
Select all content and copy it.

Step 2: Create the full chain file

Open Notepad.
Paste the contents of yourdomain.crt first.
On a new line, paste the contents of yourdomain.ca-bundle after it.

The order must be:
yourdomain.crt yourdomain.ca-bundle

Upload Steps:

Select Custom Certificate mode.
Upload:
- Certificate: fullchain.crt
- Private Key: your .key file
Click Upload.
Click Save to apply the configuration.

The system validates:

Certificate format
Certificate and key matching
Certificate expiration

Once applied, HTTPS will activate automatically.

HTTP Mode

When selecting HTTP Only, the system displays a warning.

To proceed:

Check "I understand the risks of using HTTP".
Click Save.

⚠️ In HTTP mode:

Traffic is unencrypted
Authentication data may be exposed
User Data based login methods are automatically disabled

Important Notes

Always use a full chain certificate for custom domains.
Certificates must match the configured hostname.
Avoid uploading root CA certificates.
Monitor certificate expiration dates to avoid service disruption.
For production use, Custom Certificate mode is strongly recommended.

Admin Panel

Voucher Manager App

Live! Menu App

Coupon Manager App

First Login

Dashboard Overview

Dashboard Customization

Notifications and Tools

WAN Configuration

Firewall and URL Filtering

VPN Client

LAN Network and IP Settings

Guest Network and IP Settings

Guest Ethernet and VLANs

Third-Party AP Integration

Builder Overview

Landing Page

Authentication Page

OTP Validation

Connected Page

Feedback System

Translations

Theme Editor

Media Gallery

Legal Compliance

Templates

Free Access (with or without validation)

Facebook Login Authentication

Email Connect (with or without OTP)

Mobile/SMS Authentication (with OTP)

Voucher Authentication

Paid Access

Persistent Login & Auto-Reconnect

Network and Device Speed Limits

Time Limits and Connection Keep-Alive

Concurrent Device Limit (Vouchers)

Bypass Portal or Block access for specific devices

Bypass Authentication for specific URLs (Walled Garden)

Accessing Voucher Manager

Creating, Editing and Printing Vouchers

Voucher Generator (Click and Print)

Managing Payment Plans

Payment Portal Settings

Printing Options

Data Export and Reporting

Dashboard Analytics

Login Log

Vouchers

Free Users

Email Users

Mobile Users

Facebook Users

User Ratings

Mailchimp Integration

API Access with Examples

Automatic Export with FTP Uploader

PointX CM Integration

Automations

Coupon Campaigns

Bulk Messages

Connectivity Settings

Users and Privileges

Cloud Access

System Log & Connection Tracking

Data Retention

LED Controller

Backup and Restore

Time & Region

Maintenance

HTTPS & Certificates

HTTPS & Certificates

HTTPS Modes

Available HTTPS Modes

Current Status Information

Uploading a Custom SSL Certificate

Creating a Full Chain Certificate File

HTTP Mode

Important Notes