Yikes.. So compromise a public wifi and MITM + store any traffic pointed at the affected domain(s), then simply sign up for their own ERP account, download the key and decrypt.
Most public wifi hotspots I've seen are unencrypted, so there'd be no need to do a MitM - just be within range to decode the client and AP transmissions.