Laurie: Improving SSL certificate security

My company uses a SSL MITM to do virus scanning of https streams. This poses other problems, but a nice feature is that whenever this MITM proxy can't validate a certificate (expired, no link to a trusted root), the user just gets an error page. No simple way around it, the only option is to call an admin, who will do some serious vetting (hopefully!) of the cert, and maybe put it on the exception list.