Continuing the discussion from LetsEncrypt Installed on Nginx But a Cisco Cert is Being Served Up:
(There is not really an appropriate category for this question, so I apologise if this kind of discussion is not wanted here) [quote=“pfg, post:15, topic:31319”]
Pretty much, though it’s not so much misbehaving and more like whoever is responsible for Umbrella in your organization forgot to ask you to install their root certificate
Before I pick up the phone and ask IT support about this, I have a principle question: do I even want to install that root certificate?
From as little as I understand, I believe that having that certificate installed means granting my organization a man-in-the-middle position, i.e. to let them intercept even my encrypted traffic, right? Is this something anyone would want (except in exceptional circumstances like the one in the original topic)?
Edit: I am not literally asking you to tell me what to do. The point of this topic is to inform about and discuss the use of root certificates, in particular with regard to potential surveillance of employees.