[barbazoo]

> And every single government force you to download their own cert

Is that true though? I’ve immigrated quite a bunch (western world only) and never had to download a certificate when interacting with the government.

[Maken]

They used yo. Now most governments just have their own "proper" CAs which are included by default in web browsers. If you look at the default CA list of Firefox or Chrome you will see most of them are public agencies.

[theonlybutlet]

I think Certificate transparency checks mean you should be able to tell if the certificate was fraudulently issued for a domain that is not with the CA. (This circumvents that.)

In your scenario, if the domains CA is the government CA anyway, then it's fair game. Most domains' CA will be cloudflare or whatever not the government CA.

[asdffdasasdf]

here's one example, the brazil irs https://www.receita.gov.br/

good lucky finding the cert if you didn't download your firefox in brazilian portuguese or didn't register you apple device in brazil. I mean, it is not difficult to find the cert, but it is a pain for travelers.

[grotorea]

The problem seems to be "wrong domain", not "CA not recognized". You sure you have the right URL?

[asdffdasasdf]

i'm mobile. probably got the wrong url. only have bookmarks for the ca certs https://www.gov.br/iti/pt-br/assuntos/repositorio/repositori...

[ric2b]

But what do you need these certs for, is there a national website that gets an "insecure" warning if you visit it with a foreign version of Firefox?

[asdffdasasdf]

yeah, the tax preparation website and others.