>We use Fortinet firewalls and SSL (HTTPS, FTPS, IMAPS, POP3S, SMTPS, >SSH) inspection is a standard feature. It works by rolling out a custom >CA certificate from the device to all of the desktops and whenever you >hit a SSL site, a cert signed with the CA is generated and presented to >the user. If you look at the cert your browser has, you can tell the CA >is different but most users aren't looking at that.
By the way, I hope that all of the people who have been ranting about this have read this note. The only way this filtering works is if the client computers have a special CA cert installed into their browsers. That means it's a private organizational network that manages all its client computers, or it's a service where the users specifically do something on their own computers to enable it. It may not be a very good idea, but it's definitely not evil people secretly spying on traffic of innocent victims. R's, John