[GLLUG] Installing SSL certificate at the request of a WiFi provider

James Courtier-Dutton james.dutton at gmail.com
Sun May 8 22:50:11 UTC 2016


On 8 May 2016 at 08:47, John Winters via GLLUG <gllug at mailman.lug.org.uk>
wrote:

> Not specifically a Linux question, but I know a lot of knowledgeable
> people lurk here so I hope it will be forgiven.
>
> A (physical) site which I visit regularly provides a BYOD WiFi network
> to which people can connect their own devices.  You need an individual
> WPA2 login in order to connect to it.
>
> Just recently they've announced that they're introducing filtering of
> https connections, and thus you will also need to install a certificate
> provided by them if you are going to use it to access any https web sites.
>
> Now the only way I can see this working is if they are proposing to
> generate spoof certificates, signed by them, for any such sites which
> you access, install their web filter as a man-in-the-middle, and thus
> have clear-text access to all your supposedly encrypted communication.
>
> Am I reading this correctly, or is there some less malign thing which
> they could be doing?  Should I just stop using their WiFi and rely on my
> own 4G connection?
>
>
I think you have it spot on.
They are setting themselves up as a man-in-middle.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20160508/0041d4a2/attachment.html>


More information about the GLLUG mailing list