Is not like doing a "semantic search ? I have the feeling that LLMs are great in that topic. For example, I describe a design pattern and LLMs give me the technical name of that design pattern.

Do you have any source for this ? I know that current root certificates are self signed. [0]

[0] https://repository.eid.belgium.be/certificates.php

You have to look for trusted store updates, here is the first link I googled in 5 sec.

https://bugzilla.mozilla.org/show_bug.cgi?id=1335253

I read the thread and they were discussing about "audit" made by the Belgium government. I double checked the certificates used for ID cards in [0] and all are self-signed. I don't see any link or ownership to "DigiCert". Perhaps the discussion were related to government's websites.

Example for Belgium Root CA2 in [0]

Certificate: Data: Version: 3 (0x2) Serial Number: 3098404661496965511 (0x2affbe9fa2f0e987) Signature Algorithm: sha1WithRSAEncryption Issuer: C=BE, CN=Belgium Root CA2 Validity Not Before: Oct 4 10:00:00 2007 GMT Not After : Dec 15 08:00:00 2021 GMT Subject: C=BE, CN=Belgium Root CA2

The Belgium Root CA2 in Mozilla discussion is different.

Certificate: Data: Version: 3 (0x2) Serial Number: 04:00:00:00:00:01:41:a1:e1:34:ba Signature Algorithm: sha1WithRSAEncryption Issuer: O=Cybertrust, Inc, CN=Cybertrust Global Root Validity Not Before: Oct 10 11:00:00 2013 GMT Not After : May 12 22:59:00 2025 GMT Subject: C=BE, CN=Belgium Root CA2

[0] https://repository.eid.belgium.be/certificates.php?cert=Root...

The root message is about adding Belgium Root CA to the CRL..

Is there a Belgium Root CA in Mozilla, Windows, Android or iPhone trust stores now?

That's I wanted to say. Belgium Root CA and its intermediates are never used for web connection (TLS) (perhaps used internally in gov intranet). I use my Id card for PDF signing. I presume CAs are added to the trused list of Adobe.

You said DigiCert owns those root CAs and I wanted more information about this.

They were. Now, DigiCert CA is used instead.