The Dutch government says it cannot guarantee the security of its own websites, days after the private company it uses to authenticate them admitted it was hacked.
An official also said the government was taking over the company's operations.
The announcement affects millions of people who use the Netherlands' government's online services and rely on the authenticator, DigiNotar, to confirm they are visiting the correct sites.
To date, however there have been no reports of anyone's identity being stolen or security otherwise breached.
Officials stopped short of telling people not to use government websites but said they should heed warnings posted on the sites or from their browsers.
Already, Google and other major web browser providers have begun rejecting security certificates issued by DigiNotar.
It is unclear who is behind the hacking, though some experts suspect it was launched by Iran's government to spy on dissidents.
The hacking's true extent also is unclear, and investigators are trying to find out how many bogus certificates were issued, and what other sites - or countries - were affected.
For now in the Netherlands "the user of government sites no longer has the guarantee ... that he is on the site where he wanted to be," Interior Minister Piet Hein Donner said at a pre-dawn press conference.
DigiNotar, a subsidiary of Chicago-based Vasco Inc, is one of many firms that issues security certificates for the "SSL" cryptographic protocol - certificates that in effect, act as the stamp of a digital notary guaranteeing the privacy of communications between a user's browser and a website.
Earlier in the week, DigiNotar acknowledged it had been hacked in July, though it didn't disclose it at the time.
It insisted as late as Tuesday that its certificates for government sites had not been compromised.
But Donner said a review by an external security company had found DigiNotar's government certificates were in fact compromised, and the government is now taking control of the company's operations.
The government also is trying to shift over to other companies that act as digital notaries, he said.
"As distressing as this situation is for DigiNotar, the company is cooperating in a professional manner," he said.
DigiNotar could not be reached for comment on Saturday.
In a press statement dated Friday, Vasco chief executive Ken Hunt said the company was "inviting" the Dutch government to send staff to DigiNotar and was "convinced that together we will solve this issue".
Finnish security company F-Secure has said Iran's government may have been behind the hack and launched it in order to spy on dissidents using Google mail.
Other experts said it appears to be the work of an individual hacker.
Earlier this week Google said in a post on its online security blog that the "people affected were primarily located in Iran".
It said that after consultation with Microsoft and Firefox owner Mozilla, users of the latest Chrome, Microsoft Explorer and Firefox browsers will receive warnings if they try to visit any website that uses DigiNotar certificates.
Donner said the hacker's identity is not known and he could not confirm any connection with Tehran.
In a blog posting, Firefox's engineering director Johnathan Nightingale said the company has received "multiple reports" of the fake security certificates actually being used by hackers and blasted DigiNotar for not being more forthcoming when it first detected the break-in in July.
"The integrity of the SSL system cannot be maintained in secrecy," he wrote.
As of Saturday morning, many Dutch government sites were being validated by DigiNotar, but bore a notice for users to watch out for security warnings.
Front page
RSS Feed