(no title)

I can't speak for all government agencies, but generally there is an internal CA for hosting internal sites. I remember reading a comment from the Federal PKI guide that these sorts of infrastructure goes back to before 2004.

"Prior to 2004, some agencies had already deployed and invested in their own PKI and CAs. Some of these agencies opted out of migrating to the SSP Program and continued to manage their existing infrastructures. These Federal Agencies Legacy operate one or more CAs that are cross-certified with a Federal PKI Trust Infrastructure CA." - https://fpki.idmanagement.gov/ca/

Here's a very short list of public CA certificates from Treasury and it lists out public key certificate for many other agencies as well. - https://pki.treas.gov/crl_certs.htm