Thursday, May 12, 2011

Charities SSL issues on their donation forms

Having spent part of today sorting out a charity's online donation page I was keen to have a look at what other charities' forms looked like and how they handled the process.

I was surprised to see that Cancer Research UK had a certificate error caused by them using two canonical names with one certificate - this would work with a wildcard certificate, but not the one they have.

Click on image for larger version

Then I searched for the NSPCC online donation page through Google and came to this page which has a message from their web developer about their CMS and an SSL error - in this case some insecure content on a secure page.

Click on image for larger version

None of this looks good, especially given the resources these organisations have. Its nowhere near good practice.

Interestingly I then searched for Barnardos Scotland on Google which displayed a link that was a 404 error, although manually typing the displayed address in worked. Thats a Google fault rather than a barnardos one though.

All very interesting, and I suspect the result of insufficient ongoing testing of their web site processes. I know from my time in the web hosting and domain registration industry that we had to regularly test our order processing systems to make sure they were behaving as expected.