The SSL certificate on the criminal justice and court listing site justice.gov.uk expired yesterday, causing browsers to now warn users that their information is at risk.
The site can still be accessed if users click through their browser's warnings, and contains resources on courts, procedure rules and offenders. It is separate from the Gov.uk Ministry of Justice site.
The reader who tipped us off to the snafu said: "This is a bit poor for a government department which serves out the civil procedure rules among other things."
SSL (secure sockets layer) certificates are used to prove a website's identity and protect online transactions. They can be purchased as a subscription from one of a small group of globally trusted companies, known as a certificate authority.
Since no transactions take place on justice.gov.uk, having no SSL certificate will likely not cause any major problems for users who dare to ignore their browser's warning. It is, however, just plain bad practice on the part of the MoJ's website team.
Sean Sullivan, security adviser for F-Secure, said the value of SSL can be overstated. However, he added: “The real question is how long does the organisation take to fix the problem? Even if I question the overall value of everything being encrypted, once you’ve committed to it, you need to do it. Or else the public will become even further confused."
The Register has asked the MoJ for comment. ®
Sponsored: Webcast: Ransomware has gone nuclear