Certificates and wifi

Why do you need certificates in the WLAN?

The data center operated WLANs are operated with authentication mode WPA2 Enterprise, also called WPA2-EAP. In contrast to WPA2, which is used in home networks, authentication is personalized. The authentication does not take place directly on the WLAN access point, but rather passes it on to an underlying infrastructure, the RADIUS server. The WLAN access point and all components on the way to the RADIUS server only see the anonymous identity (eduroam@uni-kiel.de).

Now, if an "attacker" wants to gain access to your real user name and password, they could run a Wi-Fi network with the same name and configure their infrastructure to store device names and passwords. With the certificate, a device can understand the true identity of the authentication infrastructure and cancels the connection in case of a fake.

See also