Non-trusted certificate suddenly valid on work laptop

Hello,
I’ve been using Nextcloud for some years now and was able to install the sync client on my work laptop (Win10). However, recently IT started hijacking some certificates and re-signing them with their firewall certificate :face_vomiting:. The Let’s Encrypt certificate used on my Nextcloud instance looks like it is in the “graylist” of the ones accepted but re-signed by the firewall (some websites are totally blocked, some are working normally with the original certificate, like one of my other websites, which also has a Let’s Encrypt cert).

As soon as they started doing this, the Nextcloud client refused to connect, as it should, because the certificate was not supposed to be valid (in Firefox there is this warning that you must accept the wrong certificate to continue). As it didn’t like me so much, I tried going around it and used Tor, proxying Nextcloud through Tor to use it at work, while I can use it properly in home office or when connected to any other network, which is totally allowed with my work laptop with or without VPN to my company network (how stupid this is).

After several days of changing the proxy option in Nextcloud back and forth, Nextcloud suddenly managed to accept the certificate from my company firewall without any confirmation from my side that I trust it.
How is it possible? Unless I did something wrong, it looks like a bad security breach.

How can I untrust this certificate in the Nextcloud client again?

It is difficult to follow your words. If you are worried about a certificate you can invalidate it and clean things up.

Configuration of your Nextcloud via SSL is up to you to sort out. Sounds like you are totally competent to resolve this. Definitely lame to have your company limiting traffic and access. Good luck with it.

I would never ever install anything on my work laptop. And certainly not a sync client that syncs all my personal files with my personal server. Keep business and personal stuff separate. This will protect you not only from technical issues :wink:

That being said, it seems that your company has installed a proxy that hooks into the SSL connection. So the HTTPS connection gets decrypted on the proxy with the company certificate and then re-encrypted from there with the actual certificate of the server you are connecting to. I am not an expert on this topic. But this usually comes with all sorts of problems, especially when the remote server has certificate pinning or HSTS enabled. Apart from that, your employer can theoretically read your entire traffic in plain text.
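
Added example, not part of any post in this thread: a small Python check that tells whether a host's certificate, as seen from the current network, is the server's own or one re-signed by an intercepting proxy as described above. The issuer names, the sample data and the function names are constructed for illustration; the expected issuer organisation and the pinned fingerprint are values you record yourself from a network you trust.

```python
import hashlib
import socket
import ssl

# Constructed sample data in the shape SSLSocket.getpeercert() returns (not captured traffic).
SAMPLE_ORIGINAL = {"issuer": ((("countryName", "US"),),
                              (("organizationName", "Let's Encrypt"),),
                              (("commonName", "R3"),))}
SAMPLE_RESIGNED = {"issuer": ((("organizationName", "Example Corp IT"),),
                              (("commonName", "Example Corp Firewall CA"),))}
SAMPLE_DER = b"constructed-placeholder-not-a-real-certificate"

def issuer_fields(cert):
    """Flatten the nested issuer tuples from getpeercert() into a dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}

def fingerprint(der):
    """SHA-256 of the DER-encoded leaf certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def classify(cert, der, expected_org, pinned_sha256=""):
    """Return 'original', 're-signed' or 'reissued' for the certificate presented."""
    pin = pinned_sha256.replace(":", "").lower()
    if pin and fingerprint(der) == pin:
        return "original"      # exact leaf recorded earlier on a trusted network
    if issuer_fields(cert).get("organizationName") != expected_org:
        return "re-signed"     # leaf was issued by someone other than the expected CA
    # The issuer name is only a hint; without a pin it is the best signal available.
    return "reissued" if pin else "original"

def fetch(host, port=443, timeout=5.0):
    """Fetch the leaf certificate as (parsed dict, DER bytes)."""
    # Validates against the platform's default trust store, so a root that the
    # administrator installed there makes a re-signed certificate pass validation.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)

def check(host, expected_org, pinned_sha256=""):
    """Classify a live host; report chains the local trust store rejects."""
    try:
        cert, der = fetch(host)
    except ssl.SSLCertVerificationError as exc:
        return "untrusted: " + exc.verify_message
    return classify(cert, der, expected_org, pinned_sha256)
```

Calling `check()` for the same host from the office network and from another network shows whether the issuer changes between the two.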