More about the product: <a href="https://umbrella.cisco.com/products/features" rel="nofollow">https://umbrella.cisco.com/products/features</a><p>Seems like a very misconfigured deployment, since no normal mobile user will use third party CA to connect via Three. I don't expect that this is on purpose.<p>When they did them same thing at OpenDNS (<a href="https://www.snip2code.com/Snippet/1503745/opendns-is-man-in-the-middling-me/" rel="nofollow">https://www.snip2code.com/Snippet/1503745/opendns-is-man-in-...</a>) the certificate was valid only for 3 days:<p><pre><code> Issuer: CN=Cisco Umbrella Secondary SubCA nyc-SG, O=Cisco
Validity
Not Before: Oct 18 20:32:18 2016 GMT
Not After : Oct 23 20:32:18 2016 GMT</code></pre>
Full disclosure, that's my post, I just thought it would be relevant to your interests. It's deplorable how they're putting tools in place to infringe on the privacy of an entire country using such dangerous tools as _wikipedia_.