Re: Broken SSL cert caused by router?

[Joe <jbfixurpc () gmail com>]

You might want to look at some of the documentation on that device.
Looks like it might be doing some proxy stuff.


Regards,
-Joe

On Thu, Mar 26, 2015 at 5:38 PM, Mike <mike-nanog () tiedyenetworks com> wrote:
> Hi,
>
>     I have a very odd problem.
>
>     We've recently gotten a 'real' ssl certificate from godaddy to cover our
> domain (*.domain.com) and have installed it in several places where needed
> for email (imap/starttls and etc) and web. This works great,  seems ok
> according to various online TLS certificate checkers, and I get the green
> lock when testing using my own browsers and such.
>
>     I have a customer however that uses our web mail system now secured with
> ssl. I myself and many others use it and get the green lock. But, whenever
> any station at the customer tries using it, they get a broken lock and 'your
> connection is not private'. The actual error displayed below is
> 'cert_authority_invalid' and it's "Go Daddy Secure Certificate Authority -
> G2". And it gets worse - whenever I go to the location and use my own
> laptop, the very one that 'works' when at my office, I ALSO get the error.
> AND EVEN WORSE - when I connect to my cell phone provided hotspot, the error
> goes away!
>
>     As weird as this all sounds, I got it nailed down to one device - they
> have a Cisco/Meraki MX64W as their internet gateway - and when I remove that
> device from the chain and go 'straight' out to the internet, suddenly, the
> certificate problem goes away entirely.
>
>     How is this possible? Can anyone comment on these devices and tell me
> what might be going on here?
>
> Mike-