drinker
New Member
March 10, 2026
Question

Bad certificate from Fortinet


My two favourite pubs are both owned by the Greene King chain. There is no cellular signal at either of them so I like to use their free wi-fi. Everything works as expected on a public wi-fi except when I browse one particular site I get a warning that someone may be trying to intercept my communications. Only that one site (so far as I know). The site's legitimate certificate from Let's Encrypt is replaced by a fake one which claims to be issued by Fortinet. I would like to know what is going on; am I being snooped on?

5 replies

sw2090
SuperUser
March 10, 2026

Do they have a FortiGate with Deep Packet Inspection in use? If they then used some self-signed cert (or one of the Fortinet built-in CAs), this will cause exactly what you got, because your browser/client cannot verify the trustworthiness of the certificate issued by the FGT's DPI.

drinker
Author
New Member
March 10, 2026

It's free wi-fi in a pub so I can't know how exactly they operate it. You are of course correct that rogue certs should be rejected by the browser.

The fake certificate says "Organisation (O) Fortinet" so I thought it fair to assume Fortinet might be involved in it somehow. But why choose just one particular website for which to fake the certificate? This does not happen with any other website which I visit on the same wi-fi connection. And more importantly, why target me? If I trusted Fortinet's Root CA, which luckily I don't, then I would successfully have been MITMd.

I should say that there is no evidence that Fortinet has anything at all to do with this. However considering they are in this line of business I thought it was reasonable to start by asking for ideas in this place.

sw2090
SuperUser
March 10, 2026

What does it say as Common Name (CN)?

drinker
Author
New Member
March 10, 2026

Here is a screenshot
Fortinet_cert.jpeg

sw2090
SuperUser
March 11, 2026

Ah yeah, I see. That indeed looks like Deep Packet Inspection on a FGT. The Issuer Common Name is the serial of the FortiGate involved. So it looks like they run a FortiGate 40F and have DPI activated on some policy that matches dosbods.com...
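
Added example, not part of the thread and not any poster's code: a client-side check for the pattern described in the reply above, where the presented certificate's issuer organisation is Fortinet instead of the site's usual CA and the issuer CN identifies the device. The function names, the sample issuer lines and the serial placeholder are constructed for illustration; `fetch_issuer` and `survey` assume the `openssl` CLI and network access.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): spot a certificate re-signed by an inspecting firewall.

# Issuer line of the certificate actually presented for host $1 (needs network + openssl).
# s_client still prints the certificate when verification fails, which is what we want here.
fetch_issuer() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -issuer
}

# Pull one attribute (O, CN, ...) out of an `openssl x509 -noout -issuer` line.
# Accepts both "O = Fortinet" and "O=Fortinet" spacing (it varies with -nameopt).
issuer_field() {
    printf '%s\n' "${1#issuer=}" | tr ',' '\n' | sed -n "s/^ *$2 *= *//p" | head -n 1
}

# Compare the presented issuer ($1) with the CA organisation the site normally uses ($2).
classify_issuer() {
    org=$(issuer_field "$1" O)
    cn=$(issuer_field "$1" CN)
    if [ "$org" = "$2" ]; then
        echo "ok: issued by $org"
    elif [ "$org" = "Fortinet" ]; then
        echo "intercepted: re-signed by a Fortinet device, issuer CN=$cn"
    else
        echo "mismatch: unexpected issuer O=$org CN=$cn"
    fi
}

# Check several hosts on the current network to see which ones the inspection policy matches.
# Simplification: every host is expected to use the same CA organisation.
# Usage: survey "Let's Encrypt" site-a.example site-b.example   (hypothetical hosts)
survey() {
    expected=$1; shift
    for host in "$@"; do
        printf '%s: %s\n' "$host" "$(classify_issuer "$(fetch_issuer "$host")" "$expected")"
    done
}

# Constructed sample issuer lines; the CN values are placeholders, not real data.
sample_direct="issuer=C = US, O = Let's Encrypt, CN = EXAMPLE-INTERMEDIATE"
sample_dpi="issuer=C=US, O=Fortinet, CN=FGT-SERIAL-PLACEHOLDER"
classify_issuer "$sample_direct" "Let's Encrypt"
classify_issuer "$sample_dpi" "Let's Encrypt"
```

Running `survey` with the same host list on the pub wi-fi and on a trusted connection shows which sites a per-policy inspection rule covers.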

drinker
Author
New Member
May 21, 2026

The service provider silently fixed it. I never found out why they targeted our site. Thanks for advice and help.