Broken SSL cert caused by router?
mike-nanog at tiedyenetworks.com
Thu Mar 26 22:38:55 UTC 2015
I have a very odd problem.

We've recently gotten a 'real' SSL certificate from GoDaddy to
cover our domain (*.domain.com) and have installed it in several places
where needed for email (imap/starttls, etc.) and web. This works
great, seems OK according to various online TLS certificate checkers,
and I get the green lock when testing using my own browsers and such.

I have a customer, however, that uses our web mail system, now secured
with SSL. I myself and many others use it and get the green lock. But
whenever any station at the customer tries using it, they get a broken
lock and 'your connection is not private'. The actual error displayed
below is 'cert_authority_invalid' and it's "Go Daddy Secure Certificate
Authority - G2". And it gets worse - whenever I go to the location and
use my own laptop, the very one that 'works' when at my office, I ALSO
get the error. AND EVEN WORSE - when I connect to my cell phone provided
hotspot, the error goes away!

As weird as this all sounds, I got it nailed down to one device -
they have a Cisco/Meraki MX64W as their internet gateway - and when I
remove that device from the chain and go 'straight' out to the internet,
suddenly, the certificate problem goes away entirely.

How is this possible? Can anyone comment on these devices and tell
me what might be going on here?