Today, I was at a client's site and this happened while going to gingsoft.com which is a secure site with an EV SSL certificate, so rather than seeing this:
I saw this instead, red “X” https using SSL:
Your employer will have an SSL interceptor that grabs traffic between your computer and the Internet. When you surf to a site secured with SSL, the interceptor, and not your browser, gets the real SSL certificate from the web server and handles setting up a perfectly good SSL connection between itself and the web server. The interceptor then sends you a digital certificate that looks like the web server’s certificate and sets up a “secure” connection between your browser and the interceptor.
If your employer has set it up correctly, you won’t know anything is off, because they’ll have arranged for the interceptor’s internal SSL certificate to be registered on your machine as a valid certificate (probably distributed by Group Policy). If not, you’ll receive a warning message, and if you click to continue you will accept the “fake” digital certificate. DON’T DO IT! In either case, you get a secure connection to the interceptor and not to the real web site, and the interceptor gets a secure connection to the outside site, so everything sent through the interceptor can be read there in plain text.
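Because a correctly deployed interceptor produces no browser warning, the way to notice it is to compare the certificate your network path presents with a fingerprint recorded on a network you trust. The sketch below is an added example, not code from the original post; the function names and the sample byte strings (constructed stand-ins for DER certificate data) are assumptions.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-ins for DER certificate bytes (not real certificates).
SAMPLE_SERVER_DER = b"constructed: certificate issued to the site by a public CA"
SAMPLE_PROXY_DER = b"constructed: look-alike certificate minted by the interceptor"


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AB:CD:...' or 'ab cd ...' as shown by certificate viewers."""
    return "".join(ch for ch in fp.lower() if ch in "0123456789abcdef")


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate this network path presents for host.

    Validation is switched off only so the certificate can be read even when
    it chains to an internal CA; the handshake is closed without sending data.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def cert_differs_from_pin(presented_der: bytes, pinned_fp: str) -> bool:
    """True when the presented certificate is not the one that was pinned."""
    pinned = normalize(pinned_fp)
    if len(pinned) != 64:
        raise ValueError("pinned value is not a SHA-256 fingerprint")
    return not hmac.compare_digest(fingerprint(presented_der), pinned)


if __name__ == "__main__":
    pin = fingerprint(SAMPLE_SERVER_DER)  # recorded earlier on a trusted network
    print("direct path differs:", cert_differs_from_pin(SAMPLE_SERVER_DER, pin))
    print("proxied path differs:", cert_differs_from_pin(SAMPLE_PROXY_DER, pin))
```

On a live network, pass the result of `fetch_leaf_der(host)` as `presented_der`. A mismatch also occurs when the site has simply renewed its certificate, so refresh the pin from a trusted network before concluding the path is intercepted.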