One such app I can think of would be a client side issue. If the public cert doesnt match the back end private cert it will sever the connection and mark it as insecure. Hopefully I won’t need to deal with it much longer though.

I just heard back from my other team that “this project sounds great for your team” even though they manage many of their own apps and certificates. Perhaps I should just let them burn then!