Web Hosting Talk

SSL and the Browser Padlock


astralexis
02-26-2002, 07:06 AM
Hi,
I'm a little confused about the website www.united-domains.de (http://www.united-domains.de) where I wanted to order a domain. The problem is I don't get the golden padlock at the bottom of my browser when I visit that site and especially also on the "order form" where they want me to give credit card details.

The strange thing is they have a "Thawte secure" logo on that page and Thawte confirmed that united-domains.de does own a Thawte SSL cert.

The guy from the Thawte support chat told me that for him the pages appeared to be secure, even the home page... Could any of you try to visit www.united-domains.de (http://www.united-domains.de) and tell me if for you that page appears to be secure or not?

The guy from united-domains.de support told me the golden padlock would only show up on the following page, after the sensitive data has been submitted. That seems a pretty stupid statement, the purpose of this padlock symbol is to allow users to check security before they submit sensitive data, isn't it...

It's strange, I tried it with IE6, NS4.5 and NS4.7 and on two different machines at different locations, and never could see a secure page at united-domains.de, but both UD and Thawte tell me these pages ARE secure... Hmmm...

Walter
02-26-2002, 07:40 AM
On IE no padlock and Opera tells me "no security on server" on their order page.

Ahmad
02-26-2002, 08:05 AM
Try this ..

visit the website using this URL:

https://www.united-domains.de/

notice the https at the beginning instead of the http.

https = http secure

Walter
02-26-2002, 08:09 AM
Originally posted by Ahmad
https = http secure

I think he knows this. And probably I know this, too. :D
Wow.

The point is that normally you begin browsing with http and as soon as you enter the order form it changes to https and a padlock symbol appears which doesn't happen at this site.

Ahmad
02-26-2002, 08:13 AM
Originally posted by Walter

I think he knows this. And probably I know this, too. :D
Wow.


I know that you know, I thought that somebody else might not know :D.



The point is that normally you begin browsing with http and as soon as you enter the order form it changes to https and a padlock symbol appears which doesn't happen at this site.



They should have set their order page using absolute addresses to the https URL, but they didn't, it's their mistake. That is what I thought, so I tried changing it manually and it worked :)

astralexis
02-26-2002, 10:26 AM
Actually looking at the HTML of the page with the order form, it appears the form is submitted to a https URL, the tag looks like this:

<form action="https://www.united-domains.de/suchen-registrieren/index3.html" method="get">

Does this mean the data in the form is submitted securely (in encrypted form) even though the yellow padlock wasn't shown in the browser status bar?

Ahmad
02-26-2002, 01:29 PM
Originally posted by astra4
Actually looking at the HTML of the page with the order form, it appears the form is submitted to a https URL, the tag looks like this:

<form action="https://www.united-domains.de/suchen-registrieren/index3.html" method="get">

Does this mean the data in the form is submitted securely (in encrypted form) even though the yellow padlock wasn't shown in the browser status bar?

In that case yes, but it is silly!

The request that will send your CC info will be encrypted, but they should have made the form itself secure too, for obvious reasons :)

bitserve
02-27-2002, 08:40 PM
I find that some web sites also will use frames, and if say only the center frame is SSL secure, the padlock won't appear on your browser. But if you look at the security settings for just the one frame, it will show it as secure.
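
Added example, not part of the thread: a small Python audit that, given a page URL and its HTML, flags the two situations discussed above, a form delivered over plain HTTP whose action points at HTTPS, and a frame whose scheme differs from its parent page. The host shop.example.test, the sample markup and the names TransportAudit and audit are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: an order page fetched over http whose form posts to https.
SAMPLE_URL = "http://shop.example.test/order.html"
SAMPLE_HTML = """
<form action="https://shop.example.test/checkout.html" method="post">
  <input name="card">
</form>
<iframe src="https://shop.example.test/pay.html"></iframe>
"""


class TransportAudit(HTMLParser):
    """Compare the scheme of each form target and frame with the page's own scheme."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_secure = urlparse(page_url).scheme == "https"
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            self._check(tag, urljoin(self.page_url, attrs.get("action") or ""))
        elif tag in ("frame", "iframe") and attrs.get("src"):
            self._check(tag, urljoin(self.page_url, attrs["src"]))

    def _check(self, kind, target):
        target_secure = urlparse(target).scheme == "https"
        issue = None
        if kind == "form" and not target_secure:
            issue = "submitted in cleartext"
        elif kind == "form" and not self.page_secure:
            issue = "encrypted submit, but the form page itself is unauthenticated HTTP"
        elif kind != "form" and target_secure != self.page_secure:
            issue = "frame scheme differs from parent, padlock will not describe it"
        if issue:
            self.findings.append((kind, target, issue))


def audit(page_url, html):
    parser = TransportAudit(page_url)
    parser.feed(html)
    return parser.findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_URL, SAMPLE_HTML):
        print(finding)
```

A page that is itself served over https with an https form target and same-scheme frames produces no findings.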