Why is the issuer certificate of my home & office different?
I have viewed Gmail's certificate chain at my workplace, and I realised it's different. It looks like this:
Root CA Operative CA1___________.net mail.google.com
When I get the certificate chain at home, it looks like this:
GeoTrust Global CA Google Internet Authority G2 *.google.com
Obviously these certificates are issued by my company. I recently read some other thread on security.stackexchange, and they said the company is eavesdropping on the HTTPS communications (using an MITM proxy) to protect the internal network and the client machine against viruses. That means they can read all of the encrypted packages that have been sent via HTTPS, including this message too.
If this is true, can I work around this?
The answer to your question regarding the issuer certificate is: yes, a company doing SSL interception could in theory read all your traffic if you use the company network. Depending on where you live and what kind of contract you have, the ability for the company to do this might also be somehow part of the contract or working rules, which might also include that you are only allowed to use the company network for work-related stuff. Yes, you might use a different machine and network, like your mobile phone, for your private, not work-related traffic. Depending on the configuration of the firewall, it might also be possible to use some VPN tunnel through the firewall. But it is usually explicitly forbidden to do this, so you risk getting fired for this.
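The comparison the question makes by eye can be automated. The following is an added example, not part of the original question or answer: it parses the "Certificate chain" section in the layout printed by `openssl s_client` and reports where the observed issuing hierarchy differs from a baseline captured on a trusted network. The sample chains are constructed from the names in the question (the redacted entry is omitted), and the function names are hypothetical.

```python
import re

# Constructed samples in the "Certificate chain" layout printed by
# `openssl s_client -connect host:443`; names are taken from the question.
HOME = """\
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
"""
WORK = """\
Certificate chain
 0 s:/CN=mail.google.com
   i:/CN=Operative CA1
 1 s:/CN=Operative CA1
   i:/CN=Root CA
"""

_ENTRY = re.compile(r"^\s*(\d+)\s+s:(.*)\n\s+i:(.*)$", re.MULTILINE)
_CN = re.compile(r"CN\s*=\s*([^/,\n]+)")

def _cn(dn):
    m = _CN.search(dn)
    return m.group(1).strip() if m else dn.strip()

def parse_chain(text):
    """Return [(subject_cn, issuer_cn), ...] ordered leaf first."""
    entries = sorted((int(d), _cn(s), _cn(i)) for d, s, i in _ENTRY.findall(text))
    return [(s, i) for _, s, i in entries]

def compare(baseline, observed):
    """List the differences that indicate a different issuing hierarchy."""
    findings = []
    b, o = parse_chain(baseline), parse_chain(observed)
    if not b or not o:
        return ["could not parse a chain"]
    if b[0][1] != o[0][1]:
        findings.append(f"leaf issuer changed: {b[0][1]!r} -> {o[0][1]!r}")
    if b[-1][1] != o[-1][1]:
        findings.append(f"top issuer changed: {b[-1][1]!r} -> {o[-1][1]!r}")
    # Each certificate must be issued by the next subject in the chain.
    for (_, issuer), (subject, _) in zip(o, o[1:]):
        if issuer != subject:
            findings.append(f"broken link: {issuer!r} != {subject!r}")
    return findings

if __name__ == "__main__":
    print("\n".join(compare(HOME, WORK)) or "chains match")
```

A changed issuer on its own only shows that a different CA signed the certificate presented to you; whether that CA is your employer's interception proxy is established by finding its root in the machine's trust store.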