[fazgha]

I read the thread and they were discussing about "audit" made by the Belgium government. I double checked the certificates used for ID cards in [0] and all are self-signed. I don't see any link or ownership to "DigiCert". Perhaps the discussion were related to government's websites.

Example for Belgium Root CA2 in [0]

Certificate: Data: Version: 3 (0x2) Serial Number: 3098404661496965511 (0x2affbe9fa2f0e987) Signature Algorithm: sha1WithRSAEncryption Issuer: C=BE, CN=Belgium Root CA2 Validity Not Before: Oct 4 10:00:00 2007 GMT Not After : Dec 15 08:00:00 2021 GMT Subject: C=BE, CN=Belgium Root CA2

The Belgium Root CA2 in Mozilla discussion is different.

Certificate: Data: Version: 3 (0x2) Serial Number: 04:00:00:00:00:01:41:a1:e1:34:ba Signature Algorithm: sha1WithRSAEncryption Issuer: O=Cybertrust, Inc, CN=Cybertrust Global Root Validity Not Before: Oct 10 11:00:00 2013 GMT Not After : May 12 22:59:00 2025 GMT Subject: C=BE, CN=Belgium Root CA2

[0] https://repository.eid.belgium.be/certificates.php?cert=Root...

[sam_lowry_]

The root message is about adding Belgium Root CA to the CRL..

Is there a Belgium Root CA in Mozilla, Windows, Android or iPhone trust stores now?

[fazgha]

That's I wanted to say. Belgium Root CA and its intermediates are never used for web connection (TLS) (perhaps used internally in gov intranet). I use my Id card for PDF signing. I presume CAs are added to the trused list of Adobe.

You said DigiCert owns those root CAs and I wanted more information about this.

[sam_lowry_]

They were. Now, DigiCert CA is used instead.