The site is being served over Akamai and the certificate for www.whitehouse.gov is being served by Akamai but appears the certificate does not have www.whitehouse.gov for the issued domains. Secure actions are redirected to petitions.whitehouse.gov.<p>It may also be possible that they have setup the frontend of the site to only serve the SSL site from certain IPs (Example from authorized site administrator networks, VPN, etc.) if the IP is not authorized redirect to http which would disable the ability for anyone to login that should not be able to login and/or require PIV certs from authorized IPs. So if you are not hitting the site from an authorized IP you can never login and if you do not have a PIV cert you can never login.<p>By taking a quick look around, the site is powered by Drupal, the CSS and JavaScript are compressed but the entire site(s) are served behind Akamai for the internet. It may be possible they are serving out statically compiled pages over Akamai that the internet can get to and the dynamic site might only be accessible internally, which is a good practice for large sites.<p>Also note if you find any weird issues you should be able to call or email the General Services Administration (GSA) who manages the .gov domains registry - <a href="https://www.dotgov.gov/portal/web/dotgov/whois" rel="nofollow">https://www.dotgov.gov/portal/web/dotgov/whois</a> if that fails or it is a security issue you can contact US-CERT - <a href="http://www.dhs.gov/report-incidents#2" rel="nofollow">http://www.dhs.gov/report-incidents#2</a> / <a href="https://www.us-cert.gov/" rel="nofollow">https://www.us-cert.gov/</a> which is apart of the Department of Homeland security which appear to be responsible for protecting the networks of the .gov domains or centralizing the reports of security issues for the .gov domains.