Corporate MITM'ing is always a bad practice, it breaks a lot of TLS (e.g. mTLS) and can't be implemented in a way that will not break legitimate workflows (e.g. cert pinning a untrusted leaf vs the middlebox trusting everything and re-signing with 'real' cert)
