/certificate add name=self-signed-certificate common-name=common-name country=it days-valid=365 key-size=2048 locality=locality organization=organization state=state trusted=yes unit=organization-unit subject-alt-name=DNS:my.local.net,IP:192.168.0.101,email:my@email.it key-usage=digital-signature,key-cert-sign,crl-sign;
/certificate sign template=self-signed-certificate ca-crl-host=192.168.0.101 name=common-name ca-on-smart-card=no;

enable ip / service / www-ssl and set the service to use certificate "common-name"

enable, on hotspot profile, login by https, selecting as certificate "common-name"

http://forum.mikrotik.com/viewtopic.php?f=2&t=81683