I think Iran's intelligence services also wish SSL and HTTPS authentication had been separated at birth. Sure would make things easier for them if all they they needed was the MITM proxy, and not the certificate.