Certificates errors in Postbox email client

nyc1
Level 1

Two problems when using OpenDNS; the first has been irking me for some time now, and the second since recently blocking doubleclick.net.  Accessing emails via IMAP.

I receive daily emails from a work site, and unless I view messages as plain text or simple HTML I get cert errors ("*.*.com:443 uses an invalid security certificate"; "..._untrusted_issuer").  Cert shows as being issued by StartCom.  Happens only when using OpenDNS.

Second issue:  Since blocking doubleclick, at times when checking email I get cert error ("stats.g.doubleclick.net:443 uses an invalid security certificate", etc).  It can happen at any given time when checking my own domain's, Yahoo's, or Gmail's servers.  OpenDNS shows as issuer, and I've imported OpenDNS' cert into client, but no joy, problem persists.

Help appreciated.


mattwilson9090
Level 4

Then either unblock the category that this cert's domain belongs to, or whitelist the domain for the cert.

If blocking doubleclick is causing problems you either need to unblock it or live with the problems. This is what can happen when you block domains or categories. Many scripts, websites, and even the HTML in many emails for various reasons reference doubleclick or other domains, and in some cases these are integral to their being rendered properly. If you block it problems can occur. You need to decide which is more important to you, blocking doubleclick, or making the "problems" go away.

rotblitz
Level 6

You do not have two issues, just one.  This is caused by having domains blocked which are needed by your e-mail client or e-mail provider to handle data orderly.

You'll walk through https://dashboard.opendns.com/stats/all/blockeddomains to compare with the domains in your error messages "*.:443 uses an invalid security certificate", and then add exactly these domains (or their parent domain level) to your "never block" list, or uncheck the related category.

Alternatively, configure your e-mail client program to use a different (non-OpenDNS) DNS service if the program allows you to do so.

nyc1
Level 1

Thanks for the responses.  The categories I have blocked are Adware, Gambling, Parked Domains and Web Spam.  I understand the Doubleclick issue, but thought importing OpenDNS' certs would resolve that.  As for the work site issue, nothing is blocked, and I've gone so far as to explicitly allow the site and its cert issuer's domains. I've also examined message source and the only calls to other domains are to imgur.com, which is not blocked.  Blocked stats shows nothing unusual.

rotblitz
Level 6

"thought importing OpenDNS' certs would resolve that"

No, it almost doesn't.  But this is browser dependent.  One browser may allow you to overcome it, another may not.

"As for the work site issue, nothing is blocked, and I've gone so far as to explicitly allow the site and its cert issuer's domains."

What site and what cert issuer?  If you hit an OpenDNS block domain (hit-reason.opendns.com) with an *.opendns.com associated certificate, allowing another site and another cert issuer won't help if the browser matches the certificate's domain against the actually accessed domain.  These will never match.

So, does this mean your problems are solved?  Or are you still seeing certificate warnings?  If you do, then still certain domains are being blocked when trying to access HTTPS sites, no matter if with a browser or with an e-mail (IMAP) client and even if you think that "Blocked stats shows nothing unusual".  Or it is not your OpenDNS settings causing this, but something else.

nyc1
Level 1

OpenDNS certs were imported into email client.  On the doubleclick error, it is OpenDNS' cert that's associated.  For the other issue, site is fieldnation and cert issuer is Startcom; no OpenDNS "intercepts".    Below are requests that were blocked/blacklisted for the day.

 

1 *.doubleclick.net Blacklist 1,477
2 www.facebook.com Blacklist 401
3 www.googletagservices.com Blacklist 4
4 www.googleadservices.com Blacklist 1
5 staticxx.facebook.com Blacklist 1
6 facebook.com Blacklist 1
7 graph.facebook.com

rotblitz
Level 6

"OpenDNS certs were imported into email client."

As I said already, this is irrelevant, because browsers compare the domain the certificate is issued to, and you access it using a different domain name.  Also, the certificate issuer is irrelevant here, only the domain that the certificate is issued for counts.

"fieldnation" is not a domain name, but seeing that you have Facebook domains blocked, it could be that this site contains embedded content loaded from Facebook, and this is where the problem most likely comes from.  As soon as you hit Facebook domains (generally via HTTPS), you'll face this problem.  If you don't want to change your dashboard settings, your only and best bet is to live with the certificate warnings.

nyc1
Level 1

""fieldnation" is not a domain name" 

fieldnation.com

 

"...it could be that this site contains embedded content loaded from Facebook..."

I've scrutinized message source and see no calls to facebook, just imgur.  The doubleclick cert references stats.g.doubleclick.net

rotblitz
Level 6

See here the impressive list of domains being used when visiting only the main page https://www.fieldnation.com/ - far from the domains possibly used when visiting other pages.

http://www.webpagetest.org/domains.php?test=160501_DM_HTP&run=1&cached=0

They are all present:  facebook.com, doubleclick.net, and many more (not so imgur.com on that specific page, but maybe on others).  And this is an HTTPS site where all certificates from all participating domains are being checked against the domain being issued and the ones being visited.  If there's any mismatch, the browser or mail client or other agent will issue its normal certificate warning.  And if you have any of the listed domains blocked by your settings, every one of these will cause the agent to raise at least one warning, because blocked domains will come up with an *.opendns.com certificate.

That said, it's all as I initially said, and you know what to do: either don't block these domains, or whitelist them, or live with the alerts.

nyc1
Level 1

Looks like I'll have to live with the errors.  Also, thanks for that link; didn't know of it.  But, can't figure why blacklisted domains would be affecting the emails if there are no calls to those domains within email body.

rotblitz
Level 6

"there are no calls to those domains within email body"

This is also what you thought about Fieldnation and Facebook, and, as you have seen, this has been proved to the contrary.

Be assured, if your e-mail client comes up about a certificate not matching the issued domain against the accessed domain, it is simply right.  These domains could be accessed by embedded elements, even multiple times nested, so you would not see them within the plain e-mail body.  You would also have to follow all links and chains down to their end.
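
The name mismatch discussed in this thread, as an added example that is not part of the original posts: the Python sketch below lists the HTTPS hosts an HTML e-mail loads on rendering, checks them against the blocked entries quoted above, and tests each blocked host against the `*.opendns.com` certificate name. The sample message, the function names and the subdomain-matching rule for blocked entries are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Blocked entries as listed in the thread's dashboard excerpt.
BLOCKED = ["*.doubleclick.net", "www.facebook.com", "www.googletagservices.com",
           "www.googleadservices.com", "staticxx.facebook.com", "facebook.com",
           "graph.facebook.com"]
# Name on the certificate served for blocked domains, per the thread.
BLOCK_PAGE_CERT_NAMES = ["*.opendns.com"]

# Constructed HTML e-mail body for illustration (not taken from the thread).
SAMPLE_EMAIL = """
<html><body>
<a href="https://www.fieldnation.com/">Open work order</a>
<img src="https://i.imgur.com/example.png">
<img src="https://stats.g.doubleclick.net/pixel.gif" width="1" height="1">
<iframe src="https://www.facebook.com/plugins/like.php"></iframe>
</body></html>
"""

class HostCollector(HTMLParser):
    """Collects hostnames of HTTPS resources the client fetches when rendering."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            # src attributes load automatically; href on <a> needs a click.
            if name == "src" and value:
                parts = urlsplit(value)
                if parts.scheme == "https" and parts.hostname:
                    self.hosts.add(parts.hostname.lower())

def is_blocked(host):
    # Assumption: a blocked entry covers the domain and all its subdomains.
    bases = [b[2:] if b.startswith("*.") else b for b in BLOCKED]
    return any(host == b or host.endswith("." + b) for b in bases)

def name_matches(host, pattern):
    """Certificate name check: '*' stands for exactly one left-most label."""
    h, p = host.lower().split("."), pattern.lower().split(".")
    return len(h) == len(p) and (p[0] in ("*", h[0])) and h[1:] == p[1:]

def expected_warnings(html):
    """Blocked hosts whose name the block-page certificate cannot cover."""
    collector = HostCollector()
    collector.feed(html)
    return sorted(h for h in collector.hosts if is_blocked(h)
                  and not any(name_matches(h, n) for n in BLOCK_PAGE_CERT_NAMES))

if __name__ == "__main__":
    print(expected_warnings(SAMPLE_EMAIL))
```

Static inspection like this only sees hosts referenced directly in the message source; content pulled in by a nested frame or script is not visible to it.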