tcberry | 5 years ago

I don't know if calling out the VA specifically is particularly fair on my part – it's possible my issue has been solely when attempting to access DoD sites secured by DoD certificates. Does any other government org in-house their certificates for internal sites in this way that is completely divorced from other root authorities?

boris-ning-usds | 5 years ago

Feedback and comments are always welcome, at least I welcome them :D.

I can't speak for all government agencies, but generally there is an internal CA for hosting internal sites. I remember reading a comment from the Federal PKI guide that this sort of infrastructure goes back to before 2004.

"Prior to 2004, some agencies had already deployed and invested in their own PKI and CAs. Some of these agencies opted out of migrating to the SSP Program and continued to manage their existing infrastructures. These Federal Agencies Legacy operate one or more CAs that are cross-certified with a Federal PKI Trust Infrastructure CA." - https://fpki.idmanagement.gov/ca/

Here's a very short list of public CA certificates from Treasury, and it lists out public key certificates for many other agencies as well. - https://pki.treas.gov/crl_certs.htm