How to view WiFi security certificate

  • Updated 9 months ago
For about a week, my favourite cafe chain had an expired WiFi security certificate, which the iPhone kindly warned me of.  I did not accept the certificate.  Yesterday, I ran into weird behaviour with the iPhone at one of the chain's cafes. I got out of the strange state by clicking around a lot, in a manner that I thought was reasonable.  I was able to access the internet, but I wondered whether the barrage of clicking managed to accept an expired certificate.  I was not able to find a way to view the details of the certificate.  Is there a way to do this?

andymhancock


Posted 9 months ago


Robert, Mobile Master


andymhancock

I did run across that prior to posting, but I'm not sure it's what I'm seeking.  I doubt it.  The word "root" seems odd (I suppose it doesn't mean rooting the phone).  In any case, there is nothing under Profile that looks like a WiFi certificate, even after I connect to the WiFi and use it.  There is only one entry, and that is for the certificate to connect to an Exchange Server on my home WiFi.

andymhancock

I realize that public WiFi isn't secure, but I was under the impression that https and other methods of securing the channel from your device to the far-end server make it secure.  I pictured VPN as a sophisticated variation of this.  I also assumed that accepting invalid certificates somehow introduces more risk because otherwise why would they even have certificates?  So I'm a bit confused by your comment about expired certificates not being less safe.  What's the point of a certificate then?

David, Mobile Master

Usually websites have a certificate, not wifi devices. It may be that the back end of (the RADIUS server providing) the interface which you login through has an expired certificate. Although having a certificate provides some level of certainty that the service meets a particular standard, it having expired does not change the risk much. If your driver's license expired, would that make you a greater road risk?

andymhancock

Interesting.  The certificate is for the cafe's access point, I'm pretty sure.  But you're saying that the certificate has nothing to do with encrypting the communication between your device and the access point.  And accepting a bum certificate doesn't make it easier for man-in-the-middle attacks (of which I know very little about the technicalities).

If the certificate doesn't make much difference, then it seems that using public WiFi isn't much different in risk from using an access point that is owned and operated by a malicious party.  Either way, your various means of encryption are the sources of your security.  Is this about right?

Goran, Mobile Master

Well, they aren't important in certifying the credentials but as David said, it expiring doesn't automatically make a site or network less secure, especially if it's something like a big chain like Starbucks. Certifications don't do any encrypting or anything of the sort. They mainly verify the identity, which does help with security but isn't a main factor in security. So if there's a lapse in renewing it, it doesn't necessarily mean it's fake. You can find plenty of info explaining this and more via Google actually. Even https helps a lot but isn't a security panacea.

I suppose you could say the encryption you choose is the source of your security.

andymhancock

I think I need to do a lot more reading.  I've always been intimidated by reading up on encryption & identity validation because it looks like you need a Ph.D. in math (to understand the deal with Bob and Alice's keys and such).  But narrowing it down to WiFi certificates seems to make it manageable.

Still confusingly, however, the general info seems to indicate that one of the two main purposes of certificates *is* identity validation (the other is encryption).  I've just made a tiny dent in the returns for googling "what-do-certificates-do wifi" (without quotes), in particular, http://security.stackexchange.com/questions/102550/what-are-wifi-certificates-used-for-what-are-they.

And I get that a recent expiry is not that big a deal, but I also read somewhere in the past week that the main issue with expiry is that the expiry date doesn't give you an idea of whether a certificate has been revoked -- that could have been before the expiry date.

rikkster, Mobile Master


andymhancock

Thanks.  I'll take a bit of time to work through that.  During the work week is the pits for extracurricular reading.
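
An added illustration for the identity-versus-expiry question discussed in this thread (not posted by any participant): the script views a certificate's details with the OpenSSL command line and runs the identity check and the validity-date check separately. It assumes `openssl` is installed; the name `radius.cafe.example`, both certificates, and the idea that the client has pinned the cafe's self-signed certificate as its trust anchor are constructed for the example.

```shell
#!/bin/sh
# Added illustration: all names, keys and certificates are constructed lab values.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# mint PREFIX DAYS: self-signed certificate for the constructed name below.
mint() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
    -subj "/CN=radius.cafe.example" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Identity check: does the certificate chain to the anchor the client pinned?
trusted() { openssl verify -CAfile "$WORK/cafe.pem" "$WORK/$1.pem" >/dev/null 2>&1; }

# Validity check: exit 0 if the certificate expires within SECS seconds of now.
expires_within() { ! openssl x509 -noout -checkend "$2" -in "$WORK/$1.pem" >/dev/null; }

subject()     { openssl x509 -noout -subject -in "$WORK/$1.pem"; }
fingerprint() { openssl x509 -noout -fingerprint -sha256 -in "$WORK/$1.pem"; }

mint cafe 1     # the real server's certificate, pinned by the client, 1 day left
mint rogue 365  # same name, fresh dates, but a key the client never trusted

for c in cafe rogue; do
  echo "== $c"
  openssl x509 -noout -subject -issuer -dates -in "$WORK/$c.pem"
  fingerprint "$c"
  if trusted "$c"; then echo "identity: chains to pinned anchor"
  else echo "identity: NOT trusted"; fi
  if expires_within "$c" 172800; then echo "validity: expired two days from now"
  else echo "validity: still in date two days from now"; fi
done
```

The two certificates carry the same subject name, so only the trust check and the fingerprint tell them apart; the dates say nothing about who holds the key.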