Dutch government to stop issuing TLS certs because of ever-complicated standards
The Dutch government, the last EU country that is still running its own certificate authority (CA), announced plans last week to stop issuing new TLS certificates starting December 2021.
The Dutch Ministry of the Interior and Kingdom Relations, which is in charge of the PKIoverheid program, cited three reasons for discontinuing the program:
- The ever-increasing technical requirements imposed by browser makers for running a compliant TLS Certificate Authority (CA).
- Security incidents the program suffered in 2019 and 2020, which forced its staff to replace a large number of certificates for its customers.
- The fact that the Netherlands is the last country in the EU to run its own CA, with all other governments offloading the process to the private sector.
At a technical level, Dutch officials said they do not plan to renew a root certificate for the PKIoverheid CA program once it expires next year, on December 6, 2022.
Since TLS certificates have a lifespan of roughly one year, PKIoverheid will issue its last TLS certs in December this year to synchronize with the root cert expiration.
Dutch officials said that while the government was shutting down the TLS certificate issuance section of PKIoverheid, the program will continue to issue other types of digital certificates, including those for signing official government software.
The section that will be shut down is the one that provides TLS certificates to secure official Dutch government sites and websites and domains for critical sector entities, such as transport, energy, or healthcare providers.
The government expects government agencies and other organizations to obtain TLS certificates from private sector CAs, as is the case in most European countries today.