
Ask HN: How Is My Company Blocking Clojars.org and Maven.org Downloads? - elamje
I am perplexed as to how my company is picking off my traffic and rejecting it.

What I know:
- My company uses a proxy to "inject" (not sure of a better term) their own SSL certs into my traffic so they can decrypt HTTPS traffic. This is evidenced by the Chrome cert button that shows the issuer name; in some cases it is (my.company.com). So there is that.
- We are also on a company VPN.

How the issue arises:
- When I try to pip install a new dependency, my company issues their cert, which makes the download fail.
- Additionally, when I try to connect to maven.org and clojars.org, the cert issue also arises.
- At this point I know I can manually download and build dependencies, but I'm just curious at this point.

The confusing part:
- I have a company phone, with personal hotspot, and a personal VPN installed (not a company VPN).
- If I connect my laptop to my hotspot and turn on my personal VPN, my laptop shows the sites that were originally being intercepted as not being intercepted. For instance, clojure.org used to show (my.company.com) as the cert issuer. Now it shows Amazon. Cool, so I'm not being blocked anymore.
- However, I go back to the terminal to install the dependencies with leiningen, and it says "Cannot transfer artifacts from clojars.org and maven.org": my.company.com
- I have confirmed that the VPNed certs to both of those URLs are no longer intercepted with my hotspot.
- So, somehow my company is still able to mess with the downloads.

Any ideas why?
======
ctrlaltdev
I believe that your CLI tools are not set up to use your personal VPN - so
they default to your company one and get MITM attacked.
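
An added example, not part of the original thread: one way to check the hypothesis in the comment above is to list the proxy settings a terminal session hands to pip and to the JVM behind Leiningen, since a browser can follow the VPN route while CLI tools still go through a configured proxy. It assumes the interception reaches the CLI tools through environment settings, which the thread does not confirm; `proxy.my.company.com` is a constructed placeholder.

```python
import os
import re
from urllib.parse import urlsplit

# Proxy variables read by CLI tools: pip honours all of these,
# Leiningen the http_proxy/https_proxy forms.
PROXY_VARS = ("HTTPS_PROXY", "https_proxy", "HTTP_PROXY", "http_proxy",
              "ALL_PROXY", "all_proxy", "PIP_PROXY")
# Variables that can carry JVM proxy system properties into lein or mvn.
JVM_OPT_VARS = ("JAVA_TOOL_OPTIONS", "_JAVA_OPTIONS", "JVM_OPTS", "LEIN_JVM_OPTS")
JVM_PROXY_RE = re.compile(r"-Dhttps?\.proxyHost=(\S+)")

# Constructed sample environment (assumption, not taken from the thread).
SAMPLE_ENV = {
    "https_proxy": "http://proxy.my.company.com:8080",
    "JAVA_TOOL_OPTIONS": "-Dhttps.proxyHost=proxy.my.company.com "
                         "-Dhttps.proxyPort=8080",
    "PATH": "/usr/bin",
}


def proxy_host(value):
    """Return the host of a proxy setting such as http://host:port or host:port."""
    parsed = urlsplit(value if "//" in value else "//" + value)
    return parsed.hostname or value


def find_proxy_pins(env):
    """List (variable, proxy host) pairs that send CLI traffic through a proxy."""
    pins = []
    for name in PROXY_VARS:
        if env.get(name):
            pins.append((name, proxy_host(env[name])))
    for name in JVM_OPT_VARS:
        for host in JVM_PROXY_RE.findall(env.get(name, "")):
            pins.append((name, host))
    return pins


if __name__ == "__main__":
    # Run in the same terminal that fails: reports what that shell exports.
    found = find_proxy_pins(os.environ)
    for name, host in found:
        print(f"{name} routes traffic via {host}")
    if not found:
        print("no proxy settings in this environment")
```

An empty result only rules out the environment; per-tool files such as `~/.m2/settings.xml` or pip's configuration file can set a proxy as well.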

