[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Broken SSL cert caused by router?

You might want to look at some of the documentation on that device.
Looks like it might be doing some proxy stuff.


On Thu, Mar 26, 2015 at 5:38 PM, Mike <mike-nanog at tiedyenetworks.com> wrote:
> Hi,
>     I have a very odd problem.
>     We've recently gotten a 'real' ssl certificate from godaddy to cover our
> domain (*.domain.com) and have installed it in several places where needed
> for email (imap/starttls and etc) and web. This works great,  seems ok
> according to various online TLS certificate checkers, and I get the green
> lock when testing using my own browsers and such.
>     I have a customer however that uses our web mail system now secured with
> ssl. I myself and many others use it and get the green lock. But, whenever
> any station at the customer tries using it, they get a broken lock and 'your
> connection is not private'. The actual error displayed below is
> 'cert_authority_invalid' and it's "Go Daddy Secure Certificate Authority -
> G2". And it gets worse - whenever I go to the location and use my own
> laptop, the very one that 'works' when at my office, I ALSO get the error.
> AND EVEN WORSE - when I connect to my cell phone provided hotspot, the error
> goes away!
>     As weird as this all sounds, I got it nailed down to one device - they
> have a Cisco/Meraki MX64W as their internet gateway - and when I remove that
> device from the chain and go 'straight' out to the internet, suddenly, the
> certificate problem goes away entirely.
>     How is this possible? Can anyone comment on these devices and tell me
> what might be going on here?
> Mike-