Hacker News
by Canada 270 days ago
I noticed this years ago while in China. I saw someone at a bar with a laptop out using my web site. I went and chatted him up, and I noticed a different TLS certificate. I don't recall if he moused over the lock icon or if his browser, or back then when browsers showed the issuer in the address bar. Freaked me out.

Apparently it's JD Cloud now. Or maybe it was the, and I don't recall correctly. It was a Chinese company, and it really freaked me out when I saw it.

Our company did not do any configuration to enable this behavior. This was in 2017.

AWS was a completely separate entity in China at the time. Fully backdoored of course. Opening an account there required a local company.

With Cloudflare, they were straight up MITMing our site, which had nothing to do with China at all.

1 comments

Are you sure they weren't using a corporate machine with some sort of MITM proxy? That seems far more plausible than what you're suggesting. Moreover, it's unclear why they'd even bother minting a new certificate for the China side, rather than copying the certificate like they do for all their other POPs.

Yeah, I'm sure it wasn't a corporate MITM. I turned off my VPN and saw the same on my own machine.

I guess Cloudflare isn't doing this any more by default.

They probably didn't share the other cert because they'd have to give the private keys to these Chinese partners.