Is HTTPS secure over public Wi-Fi with an expired certificate?

So you were redirected to a captive portal page that had an expired certificate.

Theoretically this puts in risk only the data you transfer over this particular connection, ie. accepting the rules and eventually your personal or payment data if you had to provide any. In fact the captive portal did not have to use https connection at all and you wouldn't probably notice it.

It does not introduce additional risk to the fact that you are already using a public, potentially highly insecure network with all its consequences.

Mind that you were on the insecure network from the moment you established the connection, before you even opened a browser and were redirected to the portal.


An expired certificate just means that the certificate didn't got renewed as soon as it should have been. Certificate renewal is a preventive measure for the case that the private key gets stolen without anyone knowing. Replacing a certificate in regular intervals reduces the usefulness of a stolen key. But expiration dates for certificates can be chosen quite arbitrarily. The risk someone stole the certificate to impersonate the certificate holder increases over time, but that risk doesn't suddenly skyrocket the day the certificate expires.

That means certification expiration warnings are a sign of bad security practices on the side of the website owner, but when the certificate checks out fine otherwise and you choose to accept it anyway, the encryption is just as strong as with a valid one.