Introduction
A WiFi Certificate protects the registration process and encrypts log-in credentials when connecting to WiFi, ultimately providing secure network access and increasing trust in WiFi. There are three defining features of a WiFi Certificate:
Authenticates sign-up service providers
Encrypts user data during the sign-up process and communication between a mobile device and essensys server
Ensures that a user is communicating with the intended service provider (essensys)
What is Server Certificate Validation?
Server certificate validation is a security feature of WPA2-Enterprise that makes devices check the identity of a server before they attempt to authenticate to a network. Devices are able to verify the server by checking the CA (Certificate Authority) of the RADIUS server and making sure the CA belongs to the appropriate domain.
Devices typically have a “root store”, a pre-installed list of trusted CA's. In order for server certificate validation to function, the device and the RADIUS Server (the device that essensys uses to maintain user profiles and authentication in a central database) need to both trust the same CA that issued the server validation certificate.
Illustration of how end-user devices connect and authenticate to WiFi:
Why do I need to install this certificate?
Installing the essensys certificate guarantees your device is connecting to the essensys authentication servers when logging into WiFi Secure. The installed certificate verifies the certificate presented by the authorisation server during the handshake is who it says it is. Without this, it would be possible for a malicious actor to set up a bogus wireless device transmitting "WiFi Secure", when your device connects it will pass your credentials as normal, the malicious actor could then obtain and use to connect to your secure network.
Certificate validation, as part of the EAP protocol in RADIUS, is a fundamental security step. It ensures that the certificate presented by the server claiming to be the user's home server is signed by a CA certificate present on the user's device, ensuring that the user's credentials (username and password) are not exposed to a third party attempting a man-in-the-middle (MITM) attack.
What do you need to do?
When you connect to the Wi-Fi Secure with your device you will be prompted to trust the Certificate please see this guide here.
For users that wish to download and manually update their device you can download the Certificates here.