A quick one today. At my current job, all the computers have a “trusted” CA installed so that corporate IT can spy at whim on all communications. This is achieved by making the corporate proxy / firewall issue certificates for any and all sites they deem necessary (spoiler: all).

This site’s certificate should look something like this:

A plain old Let's Encrypt cert

But when connecting through the corporate network it looks like this:

This looks fishy...

So I decided that, since I cannot trust the server certificate, I should try and make my server try to authenticate me instead, using a client certificate, issued by a trusted CA, me.

And with zero expectations of it working, expecting the firewall to block this obvious bypass attempt, it actually worked. Hah!
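The client-certificate setup described above, sketched with the `openssl` CLI as an added example (these are not the author's actual commands): it creates a private CA, issues a client certificate from it, and runs the chain check a server would apply to client certificates, which a certificate from any other issuer fails. All subject names, file names and lifetimes are constructed, and the server-side configuration is not shown on the page.

```shell
#!/usr/bin/env bash
# Added example: a private CA that issues one client certificate for mutual TLS.
# Subject names, file names and lifetimes are constructed for illustration.

# make_pki DIR CA_CN CLIENT_CN
# Runs in a subshell so the caller's working directory is left untouched.
make_pki() (
  mkdir -p "$1" && cd "$1" || exit 1
  # Minimal config so the result does not depend on the system openssl.cnf.
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_client]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
  # 1. Self-signed root: the only issuer the server will accept for clients.
  # 2. Client key and signing request.
  # 3. Client certificate signed by the root, limited to TLS client auth.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config pki.cnf \
    -extensions v3_ca -subj "/CN=$2" -keyout ca.key -out ca.crt 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
    -subj "/CN=$3" -keyout client.key -out client.csr 2>/dev/null &&
  openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 90 -extfile pki.cnf -extensions v3_client -out client.crt 2>/dev/null
)

# client_cert_accepted CA_FILE CERT_FILE
# Exit status 0 only if CERT_FILE chains to CA_FILE and is valid as a TLS client cert.
client_cert_accepted() {
  openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo: one PKI of our own, plus an unrelated one standing in for any other issuer.
work=$(mktemp -d)
make_pki "$work/mine"  "Example Private CA" "example-client"
make_pki "$work/other" "Unrelated CA"       "example-client"
client_cert_accepted "$work/mine/ca.crt" "$work/mine/client.crt" \
  && echo "certificate from our CA: accepted"
client_cert_accepted "$work/mine/ca.crt" "$work/other/client.crt" \
  || echo "certificate from another CA: rejected"
```

The server is then configured to require a client certificate and to trust only `ca.crt` for that purpose; `client.key` stays on the client.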

Article written and pics edited on a phone. Yeah, I was bored.