Why is this certificate for Imgur only valid for one day?

This isn't one of Imgur's certificates.

Certificate Transparency logs

Certificate Authorities must report all certificates they generate to transparency logs, which are public databases. This allows user-agents, like Chrome, to check that this certificate can be audited by the website's owner.

According to the following certificate transparency search tools, this certificate was not logged, and such a short lifetime is not usual for Imgur:

  • crt.sh
  • Google
  • Facebook

DNS Filter

According to the error messages, this certificate hasn't been issued by a valid certificate authority, so you can't trust the issuer.

The issuer claims to be "DNSFilter".

DNSFilter is a proxy used to filter requests, and it also tries to proxy HTTPS requests, so it generates a self-signed certificate for every domain.

Since you can't trust the issuer, you can't be sure that the certificate comes from the real DNSFilter product. Anyone could be impersonating it.


It's safe to assume that this is not a legit certificate for Imgur.

The exact reason for such a short lifetime for the certificate is unknown.


This is apparently an MITM attack. Someone is trying to intercept the connection.

Whether it is a malicious third-party attacker or the cafe trying to filter content/insert advertisements (relatively harmless) is impossible to say for sure. While the certificate claims to be issued by DNS Filter, it is impossible to say whether it really was. Anyone can create a certificate with the name claiming to be "DNS Filter", and the certificate is not signed by anyone, so you can't trust what it says. It may have been really created by DNS Filter, but it also could be a malicious attacker trying to gain trust by using a recognizable name. You should NOT assume it was really created by DNS Filter.

Either way, that is certainly not a genuine Imgur certificate.


Is this certificate valid?

No, it is generated on the fly by DNSFilter or an attacker pretending to be DNSFilter performing an MITM attack.

Why is this certificate being presented?

DNSFilter allows monitoring network usage, and blocking sites, but when it blocks a site it wants to show an error message, so if the traffic is encrypted it needs to be able to decrypt it, which it can only do by either:

  • Having the original certificate
  • Making a new certificate

Why is there a warning?

As the new certificate is not trusted by your machine, you get a warning. This is true in both cases: an attacker CA would be untrusted, but so would the DNSFilter CA.

Why is the certificate only valid for a day?

There are many reasons this could be, but a major one is trying to reduce the risk each individual certificate poses if it is leaked. The idea is that as long as the root cert is kept safe, then even if a site cert leaks, it is only trusted by devices that trust the CA.

As the certificates are generated on the fly there is no issue with the regular re-issuance that this requires.

Is SSL interception a good idea?

SSL interception is generally a very bad idea, for many reasons:

  • Sensitive data may be logged by the intercepting device
  • The keys may be the same for all devices, so anyone can intercept with a copy of the master key
  • The key may be gained from the device, leading to anyone being able to intercept
  • EV certificates are downgraded to standard certificates
  • Applications using pinning will not work with the changed certificate

There are some cases where it is acceptable, when absolutely necessary, but these do not apply for public WiFi, where you do not really trust the hotspot operator.
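The checks the answers above apply to the presented certificate (does the chain verify, does it carry an embedded SCT list as evidence of Certificate Transparency logging, how long is it valid) can be scripted. This is an added Go example, not part of the original answers. The certificate is constructed in-process with made-up names (`Example Filter`, `site.example`), and the empty root pool and the 48-hour threshold are assumptions chosen so it runs offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var oidSCTList = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2} // embedded SCT list (RFC 6962)

// Triage lists reasons not to trust a presented leaf; maxShort is an assumed threshold, not a standard.
func Triage(der []byte, host string, roots *x509.CertPool, maxShort time.Duration) (findings []string, err error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	// Without a chain to a trusted root, every field in the certificate is unauthenticated.
	if _, err := cert.Verify(x509.VerifyOptions{DNSName: host, Roots: roots}); err != nil {
		findings = append(findings, fmt.Sprintf("untrusted chain, so issuer name %q is only a claim", cert.Issuer.CommonName))
	}
	hasSCT := false
	for _, ext := range cert.Extensions {
		hasSCT = hasSCT || ext.Id.Equal(oidSCTList)
	}
	if !hasSCT {
		findings = append(findings, "no embedded SCT list")
	}
	if life := cert.NotAfter.Sub(cert.NotBefore); life <= maxShort {
		findings = append(findings, fmt.Sprintf("short lifetime: %s", life))
	}
	return findings, nil
}

// ConstructedSample builds a self-signed, one-day certificate (constructed data, made-up names).
func ConstructedSample() []byte {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	start := time.Now().Add(-time.Hour)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Filter"},
		DNSNames: []string{"site.example"}, NotBefore: start, NotAfter: start.Add(24 * time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	return der
}

func main() {
	fmt.Println(Triage(ConstructedSample(), "site.example", x509.NewCertPool(), 48*time.Hour))
}
```

In real use, pass `nil` as the root pool to verify against the system trust store. SCTs can also be delivered in the TLS handshake or a stapled OCSP response, so a missing embedded list is a signal rather than proof.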