CA Certificates

The CA structure for the developer cards mimics that of the official cards:

A test Root CA
A CA for the resident cards ("Foreigner CA")
A CRL for the citizen and kids cards ("Citizen CA")

Warning: these CAs are only for testing! Don't use them or rely on them for anything else.
Be aware of the risks when you decide to import their certificates into the trusted certificate stores of your PCs, browsers, ...

The old CA Certificates (RSA keys, bepic V1.7 applet, before 2020) :

The new CA Certificates (EC keys, bepic V1.8 applet, after 2020) :

A fixed number of certificates in each set of 5 cards has been revoked ('blacklisted').
We don't foresee the option to unrevoke them, or to revoke addtional certificates.

The CRLs (Certificate Revocation Lists).

In addition to CRL checking, there is also an OCSP responder available.

Importing the CA certificates

The official Belgian root CA certificate is already installed in every Windows an Mac PC and other application such as Firefox. therefore, all Authentication and Signature certificates on the official eID, kids and residents cards are automatically trusted.
The test root CA certificate is not installed in operating systems and other applications, therefore all certificates on our developer cards are not trusted.

How to import the test root CA certificate (root.cer) depends on the OS and application:

For Windows and Mac, it should suffice to download the test root CA and double-click on it; a wizzard will open and guide you through the process. This should be enough for most applications (Office, Outlook, IE, Edge, Safari, ...) because they use the Windows/Mac certificate store.
For Firefox, Thunderbird and Linux applications, you have to manually import the test root CA certificate into the application's trusted certificate store. For example for Firefox and Thunderbird: Preferences - Advanced - Certificates - View Certificates - Authorities - Import. (For Firefox, a certificate import wizzard may appear when you click on the root.cer link).

Warning: these CAs are only for testing! Don't use them or rely on them for anything else.
The CA's have not be created in a secure way, so take into account that their keys may be compromised and fake test certificates (others then the ones on the developer cards) are issued with them.