by Donald 3122 days ago
Also, if such an actor was storing encrypted traffic as well, they could now easily decrypt this traffic en masse.

If you use ephemeral keys, as you should, the contents of past encryption is still secure if the private key gets leaked. The encryption keys are newly generated each time; the certified private/public key pair is only used to validate that these encryption keys belong to the server that has the certified keys.

This is called Forward Secrecy.

With TLS, the symmetric encryption keys are always newly generated regardless of the cipher suite chosen; the difference with the ephemeral cipher suites is how the keys are communicated.

Without forward secrecy, the client chooses the premaster secret, encrypts it with the server's public key, and sends it in the ClientKeyExchange message. With forward secrecy, the client receives signed ServerDHParams in the ServerKeyExchange and responds with ClientDiffieHellmanPublic in the ClientKeyExchange.
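The two key exchanges described above, as an added toy simulation (not code from the thread): stored RSA-handshake traffic becomes readable once the server's long-term private key leaks, while a stored DHE transcript holds only public values and the per-session exponents are gone. The RSA and DH parameters are constructed, far too small for real use, and signing of ServerDHParams is not modelled.

```python
import hashlib
import secrets

# Constructed toy parameters (illustration only; never use sizes like these).
RSA_N, RSA_E, RSA_D = 3233, 17, 2753   # p=61, q=53; D is the server's long-term private key
DH_P, DH_G = 23, 5                      # tiny Diffie-Hellman group


def session_key(premaster: int) -> str:
    """Stand-in for the TLS key schedule: derive the session key from the premaster."""
    return hashlib.sha256(str(premaster).encode()).hexdigest()


def rsa_handshake():
    """RSA key exchange: client picks the premaster and encrypts it to the server's key."""
    premaster = secrets.randbelow(RSA_N - 2) + 2
    client_key_exchange = pow(premaster, RSA_E, RSA_N)      # what goes on the wire
    transcript = {"client_key_exchange": client_key_exchange}
    return session_key(premaster), transcript


def dhe_handshake():
    """Ephemeral DH: fresh exponents per session; only public values go on the wire."""
    a = secrets.randbelow(DH_P - 2) + 1                     # client's ephemeral exponent
    b = secrets.randbelow(DH_P - 2) + 1                     # server's ephemeral exponent
    server_dh_public = pow(DH_G, b, DH_P)                   # ServerDHParams (signed in TLS)
    client_dh_public = pow(DH_G, a, DH_P)                   # ClientDiffieHellmanPublic
    premaster = pow(server_dh_public, a, DH_P)
    assert premaster == pow(client_dh_public, b, DH_P)      # both sides agree
    # a and b are discarded here; nothing long-term can reconstruct the premaster.
    transcript = {"server_dh_public": server_dh_public, "client_dh_public": client_dh_public}
    return session_key(premaster), transcript


def recover_from_stored_traffic(transcript, leaked_private_d):
    """What a stored transcript yields once the server's long-term private key leaks."""
    if "client_key_exchange" in transcript:
        # RSA key exchange: the leaked key decrypts the recorded premaster directly.
        premaster = pow(transcript["client_key_exchange"], leaked_private_d, RSA_N)
        return session_key(premaster)
    # DHE transcript: public values only; the signing key never protected the premaster.
    return None
```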

Yikes... So compromise a public wifi and MITM + store any traffic pointed at the affected domain(s), then simply sign up for their own ERP account, download the key and decrypt.
Most public wifi hotspots I've seen are unencrypted, so there'd be no need to do a MitM - just be within range to decode the client and AP transmissions.
Even on an unsecured network, would the transmissions not be encrypted via TLS from your computer to the server?
Only if PFS is not in use though.