The German cybersecurity authority (BSI) uses TLS certificates for their public websites based on a ROOT CA that is not trusted by the latest iOS or macOS, meaning all Apple users will get an "untrusted" warning when visiting the agencies website. Chrome, Firefox and Microsoft are not affected.
This seems to be the result of an emergency switch over the Easter holidays to D-TRUST BR Root CA 2 2023 (which has been around for > 2 years). The status of the adoption of this root CA by Apple is unclear. As far as I am aware, Apple isn't part of ccadb.org and they don't publish, if the certificate was every submitted to them.
Anyone here that can help the BSI out of this pinch?
jesusgeez•5h ago
Does anyone know why Apple is not part of the ccadb org? Seems like a central registry (at least of whom to contact where) for submitting root CAs would be helpful.
hko-sh•6h ago
This seems to be the result of an emergency switch over the Easter holidays to D-TRUST BR Root CA 2 2023 (which has been around for > 2 years). The status of the adoption of this root CA by Apple is unclear. As far as I am aware, Apple isn't part of ccadb.org and they don't publish, if the certificate was every submitted to them.
Anyone here that can help the BSI out of this pinch?