Germany's cybersecurity authority (BSI) TLS cert untrusted on Apple devices

hko.sh

3 points by hko-sh 11 days ago · 3 comments

hko-sh (OP) 11 days ago

The German cybersecurity authority (BSI) uses TLS certificates for their public websites based on a ROOT CA that is not trusted by the latest iOS or macOS, meaning all Apple users will get an "untrusted" warning when visiting the agency's website. Chrome, Firefox and Microsoft are not affected.

This seems to be the result of an emergency switch over the Easter holidays to D-TRUST BR Root CA 2 2023 (which has been around for > 2 years). The status of the adoption of this root CA by Apple is unclear. As far as I am aware, Apple isn't part of ccadb.org and they don't publish if the certificate was ever submitted to them.

Anyone here that can help the BSI out of this pinch?

  • hko-sh (OP) 11 days ago

    Update: The issue is fixed, they are now serving a longer chain with the D-TRUST BR Root CA 2 2023 bundled as an intermediate certificate and cross-signed by D-TRUST Root Class 3 CA 2 2009, which is trusted by Apple.
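The effect of the fix described in the update above, as an added example that is not part of the original thread: a simplified Python model of certificate path building that matches on issuer name and key label only, with no real signature or validity checks. The issuing CA and leaf names, the key labels, and the contents of the two trust stores are assumptions modelled on what the post states.

```python
from collections import namedtuple

# Constructed stand-ins for certificates, holding only what path building needs.
# "key" labels the subject's key pair; "signed_by" labels the key that signed it.
Cert = namedtuple("Cert", "subject key issuer signed_by")

R2009 = "D-TRUST Root Class 3 CA 2 2009"
R2023 = "D-TRUST BR Root CA 2 2023"
OLD_ROOT = Cert(R2009, "k2009", R2009, "k2009")   # self-signed
NEW_ROOT = Cert(R2023, "k2023", R2023, "k2023")   # self-signed
CROSS = Cert(R2023, "k2023", R2009, "k2009")      # same name and key, signed by the 2009 root
ISSUING = Cert("Issuing CA (hypothetical)", "kint", R2023, "k2023")
LEAF = Cert("www.example.test (hypothetical)", "kleaf", ISSUING.subject, "kint")

# Trust stores as the post describes them (assumption: nothing else is relevant).
APPLE_STORE = [OLD_ROOT]
OTHER_STORE = [NEW_ROOT]

def build_path(cert, sent, anchors, path=()):
    """Return the certs from leaf to a trust anchor, or None if no path exists."""
    path = path + (cert,)
    # Stop as soon as a trust anchor matches the issuer name and signing key.
    for anchor in anchors:
        if (anchor.subject, anchor.key) == (cert.issuer, cert.signed_by):
            return path + (anchor,)
    # Otherwise continue through any server-sent cert that could be the issuer.
    for cand in sent:
        seen = any((p.subject, p.key) == (cand.subject, cand.key) for p in path)
        if (cand.subject, cand.key) == (cert.issuer, cert.signed_by) and not seen:
            found = build_path(cand, sent, anchors, path)
            if found:
                return found
    return None

def subjects(path):
    """Readable form of a path: subject names, or None when validation fails."""
    return None if path is None else [c.subject for c in path]

if __name__ == "__main__":
    for label, sent in (("before fix", [ISSUING]), ("after fix", [ISSUING, CROSS])):
        for store_name, store in (("Apple", APPLE_STORE), ("other", OTHER_STORE)):
            print(label, store_name, subjects(build_path(LEAF, sent, store)))
```

Clients that already hold the 2023 root stop at it and ignore the extra cross-certificate, which is why bundling it does not change the outcome for them.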

jesusgeez 11 days ago

Does anyone know why Apple is not part of the ccadb org? Seems like a central registry (at least of whom to contact where) for submitting root CAs would be helpful.
