Comcast “Security Edge Package” Generates Browser Warnings on Redirects due to Self-Signed Certificate on Cisco Router

We recently ran into a strange issue at a customer location: every HTTP/S redirect would generate a browser certificate error. In every case, the destination URL had a valid certificate.

 

Turns out the Cisco router behind the Comcast device had an expired, self-signed certificate. Even after we generated a new self-signed certificate, the browser warnings persisted. Add to the equation that we have several customers using Comcast with no issues, running the same Cisco router with the same firmware and an expired self-signed certificate.

The customer had recently upgraded their Comcast service.  On their bill, we see “Gigabit Extra and Security Edge Package”.  We turn this off, and the problem is gone.  This service might also be called “xFi Advanced Security”.

Evidently the Comcast device is looking at the Cisco router’s certificate when doing the redirect.  Since it’s expired and/or self-signed, it throws up the browser warning even if the destination URL’s certificate is valid.
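One way to confirm this from an affected machine, as an added example that is not part of the original post: classify the certificate that was actually presented for a destination hostname, which shows whether the warning comes from the destination or from a device in the path. The hostnames and certificate fields below are constructed samples, and `fetch_presented_cert` assumes a private CPython helper to decode the PEM.

```python
import ssl
import tempfile
import time

def _name_matches(host, pattern):
    """Match a host against a certificate DNS name (leftmost-label wildcard only)."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def warning_reasons(host, cert, now=None):
    """List why a browser would warn about `cert` (getpeercert() dict format) for `host`."""
    now = time.time() if now is None else now
    reasons = []
    if cert.get("subject") == cert.get("issuer"):  # self-issued: subject equals issuer
        reasons.append("self-signed")
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
        reasons.append("expired")
    dns = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(_name_matches(host, n) for n in dns):
        reasons.append("name-mismatch")
    return reasons

def fetch_presented_cert(host, port=443):
    """Fetch, without validating, the certificate presented when connecting to `host`."""
    pem = ssl.get_server_certificate((host, port))
    with tempfile.NamedTemporaryFile("w", suffix=".pem") as f:
        f.write(pem)
        f.flush()
        # Assumption: private CPython helper, used here only to decode the PEM
        return ssl._ssl._test_decode_cert(f.name)

# Constructed sample: expired self-signed device certificate
ROUTER_CERT = {
    "subject": ((("commonName", "router.example.internal"),),),
    "issuer": ((("commonName", "router.example.internal"),),),
    "notAfter": "Jan  1 00:00:00 2020 GMT",
}
# Constructed sample: CA-issued certificate for the destination
SITE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("commonName", "Example Test CA"),),),
    "notAfter": "Jan  1 00:00:00 2035 GMT",
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.com")),
}
NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")  # constructed clock
print(warning_reasons("www.example.com", ROUTER_CERT, NOW))
```

A result that includes `name-mismatch` together with `self-signed` means the certificate the browser received was not the destination's own.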