Scraping a list of all (new) Belgian Citizen / Foreigner CA certficates
228 views
Skip to first unread message
Albert Devs
Feb 22, 2021, 2:57:01 AM2/22/21
to eID Middleware Dev
Hello,
The software I'm developing validates the Belgian citizen / foreigner authentication certificate, and to do that it's needed to reconstruct the certificate chain. Because doing proper validation takes some time I try to download the CA certificates ahead of time. What has has worked for me in the past with eID Applet v1.7 and lower is to scrape https://certs.eid.belgium.be/ and then check for updates on a daily or weekly basis.
Now that I'm working on reviewing support for eID Applet v1.8 I notice that the list at https://certs.eid.belgium.be/ still doesn't include the BRCA6 certificate or any of the new Citizen CA certificates signed by that CA. I have been reading some documents found on https://repository.eidpki.belgium.be/ and those point to crt.eidpki.belgium.be/eid as the location where the CRT files can be found. Separate CRT files can be downloaded already, e.g. http://crt.eidpki.belgium.be/eid/brca6.crt or http://crt.eidpki.belgium.be/eid/eidc202002.crt. However, when I surf to https://crt.eidpki.belgium.be/eid/ then I get a 403 Forbidden error page.
The BRCA 6 CP and CPS documentation describes crt.eidpki.belgium.be as "Section for downloading CA certificates. Provides a web page for manual download as well as direct links for automatic download (URLs as encoded in the certificates)." Does this mean the "web page for manual download" is still under construction or that I need to pass some form of credentials to prevent the 403 Forbidden response?
Just in case a new web page is still being developed: might I make the suggestion to have one page which lists the Citizen CA certificates issued by BRCA 6 as well as all the certificates currently found on https://certs.eid.belgium.be/ ? This would make things easier for because it means scraping just one website rather than two.
fvernelen
Feb 22, 2021, 2:57:35 AM2/22/21
to eID Middleware Dev
Hello,
Thank you for reporting this, I've forwarded your question to the people responsible for this.
I'll let you know when I receive an answer.
Wkr,
Frederik
Op maandag 22 februari 2021 om 08:57:01 UTC+1 schreef alber...@gmail.com:
fvernelen
Feb 26, 2021, 7:23:09 AM2/26/21
to eID Middleware Dev
Hello,
I received the answer that they are currently working on this topic.
Also hosting the certificates from older Belgian rootCA's on the new server is something that will not happen though.
Wkr,
Frederik
Op maandag 22 februari 2021 om 08:57:35 UTC+1 schreef fvernelen:
fvernelen
Apr 19, 2021, 4:04:33 AM4/19/21
to eID Middleware Dev
Hello,
A static page with links to the crt and crl files has been created
Op vrijdag 26 februari 2021 om 13:23:09 UTC+1 schreef fvernelen:
Benjamin Demarteau
Apr 30, 2025, 10:37:20 AMApr 30
to eID Middleware Dev
Hello,
Might I suggest that the page be linked to in official documentation ? I just went around a wild chase to get up to date certificates and this conversation is the only place mentionning it.
Maybe on https://repository.eid.belgium.be/index.php? and maybe a link on top of http://certs.eid.belgium.be/ like the one for csca-pass.belgium.be.
Best,
Benjamin
Wouter Verhelst
Apr 30, 2025, 11:09:50 AMApr 30
to eid-middl...@googlegroups.com
Hi Benjamin,
This is actually already done: https://github.com/Fedict/eid-mw/wiki/Development, in the section "Authentication", links to the two sites.
However, the way this is currently done may not be entirely clear. I'll look at updating that a bit to make it clearer.
'Benjamin Demarteau' via eID Middleware Dev schreef op wo 30-04-2025 om 05:24 [-0700]:
Hello,
The software I'm developing validates the Belgian citizen / foreigner authentication certificate, and to do that it's needed to reconstruct the certificate chain. Because doing proper validation takes some time I try to download the CA certificates ahead of time. What has has worked for me in the past with eID Applet v1.7 and lower is to scrapehttps://certs.eid.belgium.be/ and then check for updates on a daily or weekly basis.
Now that I'm working on reviewing support for eID Applet v1.8 I notice that the list athttps://certs.eid.belgium.be/ still doesn't include the BRCA6 certificate or any of the new Citizen CA certificates signed by that CA. I have been reading some documents found onhttps://repository.eidpki.belgium.be/ and those point to crt.eidpki.belgium.be/eid as the location where the CRT files can be found. Separate CRT files can be downloaded already, e.g.http://crt.eidpki.belgium.be/eid/brca6.crt or http://crt.eidpki.belgium.be/eid/eidc202002.crt. However, when I surf to https://crt.eidpki.belgium.be/eid/ then I get a 403 Forbidden error page.
The BRCA 6 CP and CPS documentation describes crt.eidpki.belgium.be as "Section for downloading CA certificates. Provides a web page for manual download as well as direct links for automatic download (URLs as encoded in the certificates)." Does this mean the "web page for manual download" is still under construction or that I need to pass some form of credentials to prevent the 403 Forbidden response?
Just in case a new web page is still being developed: might I make the suggestion to have one page which lists the Citizen CA certificates issued by BRCA 6 as well as all the certificates currently found onhttps://certs.eid.belgium.be/ ? This would make things easier for because it means scraping just one website rather than two.
Reply all
Reply to author
Forward
0 new messages