GMail IMAP/POP SSL certificate - 'untrusted' and issued by Fortinet

[rookcifer]

Let this be a lesson that we all need to periodically check our certs, or at least, make sure the little lock icon is engaged when on an SSL site.

However, even checking certs may not be enough as there are hundreds of CA's out there and there's no way all of them are trustworthy. Indeed, some of them are very likely ran by intelligence agencies while others are just incompetent and issue certs to bad people (Comodo). Even some of the trustworthy ones may still be giving out certs to NSA for domestic spy purposes. Others might be forging trusted certs and selling them to known criminals just to make a quick profit. We just can't know, which is why I hate the CA model.

[movieman]

It is their network, their rules.

An argument that's unlikely to stand up in court in most Western nations.

And irrelevant to the question of why they're doing so, if they are.

[CharlesA]

An argument that's unlikely to stand up in court in most Western nations.

Perhaps, but for every job I've had, I've had to sign a "network/computer use agreement." Most had some verbage in there about monitoring computer/network usage.

If it is not your network, expect no privacy.

And irrelevant to the question of why they're doing so, if they are.

Again, perhaps not relevant, but only the IT admin of the school can answer if they are doing that sort of thing or not.

[Helkaluin]

Perhaps, but for every job I've had, I've had to sign a "network/computer use agreement." Most had some verbage in there about monitoring computer/network usage.

If it is not your network, expect no privacy.

I believe the stock phrase 'network traffic will be monitored' is just a legal catch-all phrase for logging.


I have contacted with my school IT authorities. Apparently it isn't intentional, and no one else had raised the issue before. They are now finding a solution in the man pages.

Some individual research on the almighty Google found this is actually Bug #87297 in version 4.0.0: http://helpdesk.netcentral.co.uk/ind...nloaditemid=96

But I don't know what version my school is running. So heck.

Personally I'd also ask why they're spying on private emails.

That's what I suspected as one of the possibilities when I first encountered the rogue certificate. But let us not draw conclusions on assumptions.

[klly]

you would get such message when you pass through any UTM Firewall.

why coz the Application Monitoring feature is enabled on the UTM which means that your SSL traffic flow will be inspected for any viruses, worms,,etc. how it works?

Client ----SSL Tunnel ---->UTM FW (Issues a self generated certificate for the SSL Tunnel)----UTM Establishes a new SSL tunnel with desired Mail server on behab of the client ----->pop.gmail (eg).

such inspection would be places in most of the organizations, University, schools ..etc to be able to monitor of the traffic coming out of their network and detect the missus.


but if no written agreement was issued for you, then i guess you can sue them..
hope info was helpful.