https://secured.studentfinance.direct.gov.uk is using an expired certificate. Here's the output from OpenSSL:
depth=2 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA RootAll pretty straight forward - the certificate clearly expired at the end of April 2nd. This causes web browsers to display very prominent security warnings (not just some easy to ignore icon somewhere - you actually have to click through the security warning and tell it that you understand that you're taking a risk). So being the good citizens that we are, we informed them so they could fix their systems - here's the response we got back:
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO SSL CA
depth=0 OU = Domain Control Validated, OU = COMODO SSL, CN = secured.studentfinance.direct.gov.uk
verify error:num=10:certificate has expired
notAfter=Apr 2 23:59:59 2015 GMT
I would advise to clear all browser cache, cookies and temporary internet files, close the browser and reopen a new one.How exactly does that address the problem we raised? It doesn't does it - clearly their support department works on the principle of "don't bother looking into the problem, just tell people to clear their cookies and hopefully they'll go away".
I'm glad that we've never gone down that route with our customer support - when people phone us they don't get fobbed off with some scripted reply; they actually get to talk to someone with a lot of technical experience who can start looking into the problem immediately and provide a relevant answer.