But only the owner of the private key associated with the certificate can intercept traffic. The keys used to sign the certificate have no impact on the actual encryption whatsoever...
It is worth considering that some DoD systems only have whitelisted CAs installed to limit the ability for an adversary to MitM. For example a DoD laptop used in a foreign country, you don't want the foreign government to be able to issue a certificate for a DoD property using their CA (or pressure/steal a commercial CA's signing certificate).
It is worth considering that some DoD systems only have whitelisted CAs installed to limit the ability for an adversary to MitM. For example a DoD laptop used in a foreign country, you don't want the foreign government to be able to issue a certificate for a DoD property using their CA (or pressure/steal a commercial CA's signing certificate).