Anyone remember Blue Coat Systems from the news about the assorted unpleasant state actors they were providing “content filtering solutions” to?
For reasons that have yet to be explained by the issuer(Verisign, now part of Symantec) they have their own fully operational intermediate CA.
This means that if your system trusts Verisign(and odds are that it does) this fine, upstanding, vendor of MiTM appliances can generate certificates that it will trust. This strikes me as a bad thing; and since setting Symantec on fire isn’t an option for most of us, probably worth at least bandaiding.
Hat tip to Filippo Valsorda who has instructions for OSX and a link to instructions for Windows.