Increasing Trust in Public WiFi Hotspots and Signup Services

DigiCert SecureWiFi Certificates are digital certificates that authenticate signup service providers and secure user data during the signup process. WiFi certificates were introduced in the second release of the Passpoint program and were created to further the Wi-Fi Alliance’s efforts to streamline and secure the process of signing up with a WiFi service provider.

These certificates ensure that a user is communicating with the intended service provider and encrypt the communication between a mobile device and an OSU server.


Benefits of SecureWiFi Certificates

Validates the Authenticity of a Service Provider

To receive a SecureWiFi Certificate, a service provider must undergo a rigorous validation process to prove they are a legitimate and trusted provider.

Shows Logo and Friendly Name to End-Users

WiFi certificates include a logo and friendly name for the service provider. This tells end-users that the service provider they are about to connect to is legitimate and has been validated.

Encrypts Online Sign-Up Process

Once an end-user makes a connection with an OSU server, their interactions with that server are encrypted during the signup process—including their login credentials.

Ubiquitous with Passpoint 2.0 Devices

We are committed to helping our customers throughout the certificate management lifecycle and provide a collection of powerful tools.

How It Works

To get a SecureWiFi Certificate, a service provider must apply for one from a Wi-Fi Alliance-certified certificate provider. The service provider must provide documentation to the certificate provider and go through a validation process to prove their identity and that they are a legitimate provider. Once the validation process is complete, the service provider can receive the certificate.

The certificate is then installed on an OSU server by the service provider and is used during the online signup process between the service provider and an end-user.

For example, Chloe walks into her local coffee shop and connects to the wireless access point (WiFi hotspot) using her mobile device. The access point provides Chloe’s device with a list of available service providers. Chloe’s device checks each of the service providers’ OSU server for a certificate and then checks the validity of the certificates. Chloe’s device then shows Chloe a list of service providers and displays a logo and/or friendly name for authenticated providers.

This is possible because of the SecureWiFi Certificate on the provider’s OSU server. The certificate contains the logo and friendly name that appear in the list of service providers. And, because her device is certified for Passpoint 2.0, the device contains a special WiFi root certificate. This root certificate is what allows the device to know that the SecureWiFi Certificate on the OSU server is legitimate.

Now that Chloe knows which providers are secure, she can confidently select a service provider. Once she selects a service provider, she starts a session that is encrypted by the SecureWiFi Certificate. All data, including her login credentials and any payment information, is secured by the Secure WiFi Certificate as it is passed to the OSU server. Once the signup process is complete, the session with the service provider ends and Chloe is able to browse the Internet as she normally would through the access point.