Original URL: http://www.theregister.co.uk/2008/01/09/ips_site_cert_glitch/

Digital cert glitch trips up UK passport site

Secondary IPS site in shared credentials snafu

By John Leyden

Posted in Policy, 9th January 2008 11:28 GMT

Digital certificate glitches have affected the operation of a secondary website used for UK passport applications.

Reg reader Marc discovered the anomaly when he needed to renew his passport and did a quick Google search. The search turned up a link at Direct.gov.uk. Clicking on this link to begin the application process opens a window to a new site, registered to the Passport Service.

This site - https://www.passport-application.gov.uk - generates a certificate error in both IE and Firefox as the certificate has been granted to another domain. Surfers who ignore the warnings and attempt to proceed are confronted by an error page.

IPS secondary site snafu

Although this secure site leads nowhere, its regular sibling passport-application.gov.uk redirects to the main Identity & Passport Service (IPS) website, ips.gov.uk.

Digital certificate flaws of one kind or another are commonplace on the internet. The UK IPS glitch involves a secondary website and doesn't really pose a security risk beyond causing mild confusion. Nonetheless, surfers are entitled to expect better technology expertise from an agency integrally involved in complex technical projects such as the UK's controversial ID card scheme proposals. ®