The German cybersecurity authority (BSI) uses TLS certificates for their public websites based on a ROOT CA that is not trusted by the latest iOS or macOS, meaning all Apple users will get an "untrusted" warning when visiting the agencies website. Chrome, Firefox and Microsoft are not affected.

This seems to be the result of an emergency switch over the Easter holidays to D-TRUST BR Root CA 2 2023 (which has been around for > 2 years). The status of the adoption of this root CA by Apple is unclear. As far as I am aware, Apple isn't part of ccadb.org and they don't publish, if the certificate was every submitted to them.

Anyone here that can help the BSI out of this pinch?