First there is the following story
"After a bit of research, we learned that Cyberoam make a range of devices used for Deep Packet Inspection (DPI). The user was not just seeing a fake certificate for torproject.org, his connection was actually being intercepted by one of their devices. While investigating this further, Ben Laurie and I found a security vulnerability affecting all Cyberoam DPI devices.
Examination of a certificate chain generated by a Cyberoam DPI device shows that all such devices share the same CA certificate and hence the same private key. It is therefore possible to intercept traffic from any victim of a Cyberoam device with any other Cyberoam device - or to extract the key from the device and import it into other DPI devices, and use those for interception.
Ben and I wrote a security advisory and notified Cyberoam of this vulnerability at 17:00 UTC on Saturday, June 30. We made it clear that we intended to publish this blog post and the security advisory on Tuesday, July 3, and encouraged them to respond promptly if they had any comments. At the same time, we notified browser vendors and asked that they blacklist the Cyberoam CA certificate in their browsers.
Cyberoam have not yet commented on this issue, apart from acknowledging our first email and saying that they are looking into it. The Cyberoam CA certificate is not trusted, and so browsers will show users a warning (unless someone has already installed the certificate). Users with the Tor Browser Bundle are not affected.
To check if this CA is installed in your browser, see the following instructions for Internet Explorer, Firefox, Chrome, and Safari. The instructions mention DigiNotar, but they are still valid. If you have more information about this issue, please email firstname.lastname@example.org.
how stupid can you be to use the same certificate everywhere ? This is not cost-cutting, this is just plain stupid.
but when more people start analyzing (the social power of the internet of course) than it becomes clear that all proxy and intelligence boxes that break or intercept the SSL traffic (otherwise it has to be closed because you don't know what is happening and you can have ssl based botnets in your network) use the same technique
they all propose to the visitor a new certificate that will replace the one by the serviceprovider (for example a bank or Google or whatever) and most importantly they will propose the same one to everyone for any service or site (making it easy to collect all the logs and unify them). The problem becomes even bigger because in the case of Cyberoam all installations everywhere use exactly the same default certificate. ....
SonicWALL, Fortinet, Watchguard use the same technique, to name a few
they don't see the issue or problem
having the same key for every machine is a big problem waiting to explode in their face..... it shouldn't be that hard to differentiate them