http vs https for 2 factor auth emails
Hello,
I would like to ask if there is any practical difference between using http versus https for the VPN 2 factor authentication via email. I understand using https is more secure.
When using it ( https) we get a certificate error/warning which i assume means we need a cerfificate from a CA for it, but i was wondering if using plain http is an issue in this scenario and what the risks would be with that.
Thank you,
Spyros
Accepted Solution
-
Hi @USG110
Thanks for sharing the screenshot with us. The error message of "ERR_CERT_AUTHORITY_INVALID" is due to the browser doesn't trust the firewall's certificate, it's the browser's known behavior you can refer to this discussion USG60 - SSL VPN connect but "this connection is untrusted". For a safer browsing experience, we suggest that you consider using the https link as it is more secure than http. If the user encounters a warning message, they can click on "Advanced" and continue to browse the 2FA link, as shown below.
Thanks.
Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L
0
All Replies
-
Hi @USG110
"When using it ( https) we get a certificate error/warning which i assume means we need a cerfificate from a CA for it" Based on the above description, can you share the screenshot with us? Thanks.
Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L
0 -
Hello,
Thank you for the reply.
Please see the screenshot of accessing the address via https.
There wasn't any need so far for a certificate, but for users when using https the extra steps to go to "advanced" and then open the site is more invonvinient that using plain http and getting to the site without more steps.
That is why i am wondering if it's ok to keep using http for the 2 factor auth email links.
Thank you again for taking a look at this.
Spyros
0 -
Hi @USG110
Thanks for sharing the screenshot with us. The error message of "ERR_CERT_AUTHORITY_INVALID" is due to the browser doesn't trust the firewall's certificate, it's the browser's known behavior you can refer to this discussion USG60 - SSL VPN connect but "this connection is untrusted". For a safer browsing experience, we suggest that you consider using the https link as it is more secure than http. If the user encounters a warning message, they can click on "Advanced" and continue to browse the 2FA link, as shown below.
Thanks.
Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L
0 -
@zyxel_jeff zyxel could still apply compatibility for Let'sencrypt…
0 -
Hi @mMontana
Currently, we do not support this feature. Thanks.
Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L
0 -
You should. You really should.
0 -
Hi @mMontana
Thanks for your suggestion. We already transferred this requirement to our new feature queue for further evaluation.
Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L
0 -
I don't think that's unpolite to believe that, due tu current status of some "openness feature" requested several years ago from your customers, the evaluation will be with the result "nope!".
But hey, i'd love to prove myself wrong when the support of that feature will appear. Sorry, my bad. if, not when.
0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight