Koodo Community

Community

How to view WiFi security certificate


Userlevel 1
For about a week, my favourite cafe chain had an expired WiFi security certificate, which the iPhone kindly warned me of.  I did not accept the certificate.  Yesterday, I ran into weird behaviour with the iPhone at one of the chain's cafes. I got out the strange state by clicking around a lot, in a manner that I thought was reasonable.  I was able to access the internet, but I wondered whether the barrage of clicking managed to accept an expired certificate.  I was not able to find a way to view the details of the certificate.  Is there a way to do this?

9 replies

Userlevel 7
Badge +4
Is that what you are looking for : https://www.imore.com/how-remove-root-certificates-your-iphone-or-ipad??
Userlevel 1
I did run across that prior to posting, but I'm not sure it's what I'm seeking.  I doubt it.  The word "root" seems odd (I suppose it doesn't mean rooting the phone).  In any case, there is nothing under Profile that looks like a WiFi certificate, even after I connect to the WiFi and use it.  There is only one entry, and that is for the certificate to connect to an Exchange Server on my home WiFi.
Userlevel 1
I realize that public WiFi isn't secure, but I was under the impression that https and other methods of securing the channel from your device to the far-end server makes it secure.  I pictured VPN as a sophisticated variation of this.  I also assumed that accepting invalid certificates somehow introduces more risk because otherwise why would they even have certificates?  So I'm a bit confused by your comment that expired certificates not being less safe.  What's the point of a certificate than?
Userlevel 7
Badge +4
andymhancock wrote:

I realize that public WiFi isn't secure, but I was under the impression that https and other meth...

Usually websites have a certificate, not wifi devices. It may be that the back end of (the radius server providing) the interface which you login through has an expired certificate. Although having a certificate provides some level of certainty that the service meets a particular standard, it having expired does not change the risk much. If your driver's license expired, would that make you a greater road risk?

Userlevel 1
andymhancock wrote:

I realize that public WiFi isn't secure, but I was under the impression that https and other meth...

Interesting.  The certificate is for the cafe's access point, I'm pretty sure.  But you're saying that the certificate has nothing to do with encrypting the communication between your device and the access point.  And accepting a bum certificate doesn't make it easier for a man-in-middle attacks (of which I now very little about the technicalities).

If the certificate doesn't make much difference, then it seems that using public WiFi isn't much different in risk from using an access point that is owned and operated by a malicious party.  Either way, your various means of encryption are the sources of your security.  Is this about right?
Userlevel 7
Badge +4
andymhancock wrote:

I realize that public WiFi isn't secure, but I was under the impression that https and other meth...

Well they aren't important in certifying the credentials but as David said, it expiring doesn't automatically make a site or network less secured, especially if it's something like a big chain like Starbucks. Certifications don't do any encrypting or anything of the sort. They mainly verify the identity, which does help with security but isn't a main factor in security. So if there's a lapse in renewing it, it's doesn't necessarily mean its fake. You can find plenty of info explaining this and more via Google actually. Even https helps a lot but isn't a security panacea. I suppose you could say your encryption you choose is the sources of your security.
Userlevel 1
andymhancock wrote:

I realize that public WiFi isn't secure, but I was under the impression that https and other meth...

I think I need to do a lot more reading.  I've always been intimidated by reading up on encryption & identity validation because it looks like you need a Ph.D. in math (to understand the deal with Bob and Alice's keys and such).  But narrowing it down to WiFi certificates seems to make it manageable.

Still confusingly, however, the general info seems to indicate that one of the two main purposes of certificates *is* identify validation (the other is encryption).  I've just made a tiny dent in the returns for googling "what-do-certificates-do wifi" (without quotes), in particular, http://security.stackexchange.com/questions/102550/what-are-wifi-certificates-used-for-what-are-they.

And I get that a recent expiry is not that big a deal, but I also read somewhere in the past week that the main issue with expiry is that the expiry date doesn't give you an idea of whether a certificate has been revoked -- that could have been before the expiry date.

Badge +4
The following links may be of interest. 

https://www.thesslstore.com/blog/trust-manually-installed-root-certificates-in-ios/

https://www.howtogeek.com/176195/why-configuration-profiles-can-be-as-dangerous-as-malware-on-iphone...

https://support.apple.com/en-ca/HT207177

https://www.digicert.com/wifi/

Userlevel 1
Thanks.  I'll take a bit of time to work through that.  During the work week is the pits for extracurricular reading.

Reply