CA Certificates

The CA structure for the developer cards mimics that of the official cards:

Warning: these CAs are only for testing! Don't use them or rely on them for anything else.
Be aware of the risks when you decide to import their certificates into the trusted certificate stores of your PCs, browsers, ...

The CA Certificates:

A fixed number of certificates in each set of 5 cards has been revoked ('blacklisted').
We don't foresee the option to unrevoke them, or to revoke addtional certificates.

The CRLs (Certificate Revocation Lists).

In addition to CRL checking, there is also an OCSP responder available.

Importing the CA certificates

The official Belgian root CA certificate is already installed in every Windows an Mac PC and other application such as Firefox. therefore, all Authentication and Signature certificates on the official eID, kids and residents cards are automatically trusted.
The test root CA certificate is not installed in operating systems and other applications, therefore all certificates on our developer cards are not trusted.

How to import the test root CA certificate (root.cer) depends on the OS and application:

Warning: these CAs are only for testing! Don't use them or rely on them for anything else.
The CA's have not be created in a secure way, so take into account that their keys may be compromised and fake test certificates (others then the ones on the developer cards) are issued with them.