[m463]

I remember I worked somewhere where they had something like this. Most people had windows machines, but I had a mac that I had installed.

My machine wanted me to accept a client certificate from palo alto networks.

I did not and kept refusing.

I think they had some sort of intrusive mitm proxy that filtered everything everyone was doing/browsing.

[pastage]

The usual way is to require a custom CA for all clients, sounds like an ineffective setup if you can just ignore it. I.e. it should be a intermediate certificate for the proxy you need to acknowledge.

[m463]

I believe it was a browser mitm dialog telling me about the untrusted connection and asking if I wanted to accept the certificate.

I suspect most of the other non-dev machines in the building had the ca installed by IT.