For up to 4 weeks, the US Department of State's Office of Allowances web site has been using a security certificate whose chain of trust only goes to the State Dept's own CA, with no root CA. Browsers put up scary warnings.
I imagine tech journalists would put this on their front pages, but they haven't. Am I overly concerned, or should I be shouting louder about this? I don't know what the Office of Allowances does.
Update: thanks for the great explanations, deploying their own root cert internally makes sense for some purposes.