Comment by jopsen

Installing a root CA on devices is risky.

From the article:

> It means your employees aren't constantly fighting browser warnings when trying to submit stuff internally.

If your employees gets a habit of ignoring certificate warnings then you have much bigger problems than leaking internal domain names.